Half of more than 3,000 retail stores that a wireless security company secretly monitored at major shopping areas in the United States and Europe use wireless data systems vulnerable to hacking, the firm said yesterday.
The data that stores routinely transmit on wireless networks include credit card and Social Security numbers and other sensitive customer information.
AirDefense Inc., an Atlanta-based maker of security products for wireless data systems, found that about 25 percent of the stores' 4,748 wireless access points were exchanging data with no encryption at all to foil electronic eavesdroppers.
Another 25 percent were using an outdated encryption method called Wireless Equivalent Privacy that is easily cracked by thieves using widely available tools.
The remaining half of the access points, the connections between wireless devices and computer networks, were using newer encryption methods that are considered far harder to crack.
"You can drive down a street with a laptop and easily find wireless access points, and it does not require a great degree of sophistication," said Avivah Litan, a security analyst with Gartner Inc.
The six-week undercover project - at shopping areas in Atlanta, Boston, Chicago, Los Angeles, New York, San Francisco, London, and Paris - attempted to expose security holes in wireless networks that are increasingly used to transmit data inside stores.
"This survey provides only the tip of the iceberg to a much larger security problem," said Lars Laven, cofounder of the wireless security firm Columbitech.
