Roughly half of 3,000 retail stores monitored in eight major U.S. and European cities are exposing customers to the risk of identity theft by failing to adequately secure their wireless networks.
That's the conclusion of a six-week surveillance operation conducted by wireless security vendor AirDefense. While the survey and its conclusions are obviously self-serving, a Gartner analyst with established expertise in the identity-theft arena tells Associated Press that it is the most comprehensive evaluation of retail-store wireless security that she has seen.
According to the survey findings, a quarter of the retail stores were using no encryption whatsoever when transmitting customer data such as credit card and social security numbers; another quarter were using outdated WEP encryption; and the other half were doing a reasonable job of protecting sensitive personal information.
"You can drive down a street with a laptop and easily find wireless access points, and it does not require a great degree of sophistication," Gartner analyst Avivah Litan tells AP. "In technical circles, people talk about this all the time, but nobody ever puts it together broadly like this survey."
The surveillance was conducted in Atlanta, where AirDefense in based, as well as Boston, Chicago, Los Angeles, New York, San Francisco, London and Paris.
The WEP vulnerability is so well known that vendors such as AirTight Networks are providing new protective measures for an encryption method that has outlived its usefulness, according to experts.
AirDefense did the same kind of show-and-tell at February's RSA Conference and discovered a significant number of security pros in attendance don't follow their own advice.
The credit card industry has been pushing for tighter security measures among merchants and obviously has much work left to do.
Enjoy the holiday shopping season.
Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.
Vinnie the IT pro vs. Verizon customer service.
Why phone-record thieves laugh at the law.
Santa's unimaginable data disaster to mean empty stockings on Christmas.
Gates on education: Knowledge is good.
Average Joe asks Bill Gates a priceless question.
BSA, software giants target little guys most often.
Can the geek press handle a Microsoft sex scandal?
Hacking for better grades gets 4 preppies bounced from elite school in Mass.
This year's "25 Geekiest 25th Anniversaries."
When the patient is a Googler and the doctor is a pompous jerk.
Cell phone jamming on the rise.
The Leader in Network Knowledge
Distinguish
It's necessary to distinguish between stores that fail to secure a wireless network, and those that actually transmit unencrypted data across that same network. I'll bet the first group (85% of stores according to the survey) is much larger than the latter.