Motorola Global Survey Shows Retailers Working to Improve Wireless
Data Still at Risk
Motorola AirDefense's annual retail wireless survey finds 20 percent
more retailers are improving their network security
Atlanta, GA — Jan. 28, 2009 — The Enterprise Mobility business of Motorola, Inc. (NYSE: MOT) today announced results of its
second annual Motorola AirDefense Retail Shopping Wireless Security
Survey, which shows 44 percent of the wireless devices used by retailers
- such as laptops, mobile computers and barcode scanners - could be
compromised. While this is a surprisingly high percentage, it is
significantly lower than results from the same retail shopping survey
conducted in 2007 (http://www.airdefense.net/newsandpress/11_15_07.php),
which showed security vulnerabilities in 85 percent of wireless devices.
Survey research included a review of wireless data security at more than
4,000 stores in some of the world's busiest shopping cities including
Atlanta, Boston, Chicago, London, Los Angeles, New York City, San
Francisco, Paris, Seoul and Sydney.
Security vulnerabilities in wireless networks typically are the result
of weak encryption, data leakage, mis-configured access points and
outdated access point (AP) firmware. One of the more overlooked issues
with large retailers is a "cookie-cutter" approach to wireless
technology. By using the same technology, configuration, security and/or
naming conventions at all retail locations, vulnerabilities repeat
themselves across the entire store chain, rendering them susceptible to
attacks as well as Payment Card Industry (PCI) non-compliance.
"Retailers nationwide are improving wireless security, as quantified by
the significant drop in vulnerable wireless devices that were discovered
during this year's monitoring efforts," said Richard Rushing, senior
director of information security, Mobile Devices, Motorola. "However, a
significant majority of retailers are still susceptible to a network
intrusion - a sign that wireless security remains an afterthought for
Motorola AirDefense's Wireless Security Survey monitored 7,940 access
points (http://www.motorola.com/business/v/index.jsp?vgnextoid=759b3acf35e95110VgnVCM1000008406b00aRCRD) - the hardware that connects wireless devices
to wired computer networks - and discovered 32 percent were unencrypted,
compared to 26 percent in last year's survey. Finding the same result as
last year, 25 percent of APs were still using Wired Equivalent Privacy
(WEP) (http://airdefense.net/newsandpress/04_02_07.php), the weakest
protocol for wireless data encryption, which can be cracked in minutes.
PCI Data Security Standard (DSS) version 1.2 prohibits new WEP
deployments in the Cardholder Data Environment (CDE) beyond March 31,
2009 and requires the elimination of WEP from the CDE beyond June 30,
Other interesting survey findings include:
- Retailers in Los Angeles and New York City were deploying some form of
  encryption on 77 percent of their wireless APs. Paris retailers ranked
  second with 76 percent. Retailers in London and Boston ranked the lowest
  with only 51 percent and 60 percent of APs, respectively, using some
  form of encryption.
- 12 percent of all APs monitored were using WiFi Protected Access (WPA)
  (http://www.airdefense.net/PCIpaper.pdf), while another 27 percent were
  using WPA-PSK (pre-shared key), which is only as strong as the shared
  password used to protect them. In total, only 7 percent of retailers
  were using WPA2, which is the strongest WiFi security protocol available
- 22 percent, or 1,740, of APs were mis-configured, an increase from 13
  percent in the 2007 survey.
- Some networks were deployed using default configurations and service set
  identification (SSID), such as "Retail Wireless," "Cash Register," "POS
  WiFi," or "store#1234," and "Default". This signals to hackers that
  nothing has been changed on these devices or the entire wireless
- WiFi signage has become popular for retailers, advertising they offer
  wireless. However, advertising an open wireless network may tip hackers
  in targeting other customers, who may not be using effective data
- 32 percent of retail locations were leaking unencrypted traffic, with an
  additional 34 percent of retail locations leaking encrypted traffic, for
  a total of 66 percent. Data leakage is easily solved with simple
  configuration changes or modifications.
"PCI compliance requires the immediate elimination of unauthorized
wireless devices from the CDE as well as an upgrade from WEP to WPA
within the next 18 months," said Sujai Hajela, vice president and
general manager of Enterprise WLAN, Motorola Enterprise Mobility
business. "Several high profile retail data breaches have exploited
wireless vulnerabilities, resulting in millions of credit card numbers
being compromised. Retailers need to understand that they cannot
properly secure their corporate or customer data with a passive approach
to wireless security."
Using Motorola AirDefense technology, Motorola scanned the airwaves at major shopping centers for the presence of wireless networks and
evaluated what wireless data security practices were currently in use.
This evaluation took place during the third quarter and fourth quarter
of 2008. No personal credit card information was obtained as the goal of
this survey was to raise awareness among retailers about the importance
of deploying best practices in wireless security to better protect the
information on retailer networks.
Motorola is known around the world for innovation in communications. The company develops technologies, products and services that make mobile experiences possible. Our portfolio includes communications infrastructure, enterprise mobility solutions, digital set-tops, cable modems, mobile devices and Bluetooth accessories. Motorola is committed to delivering next generation communication solutions to people, businesses and governments. A Fortune 100 company with global presence and impact, Motorola had sales of US $36.6 billion in 2007. For more information about our company, our people and our innovations, please visit http://www.motorola.com.
Kristin K. Callaway
Motorola Enterprise Mobility business
Industry Analyst Contact:
Motorola Enterprise Mobility business