Best Buy this week shut down its wireless cash registers in response to claims that sensitive data sent over the company's wireless store networks is vulnerable to eavesdropping hackers.
The retailer decided to suspend the use of wireless cash registers at its 475-plus stores, pending an investigation. The decision followed an anonymous post to a security forum in which someone claimed to have intercepted data - including possibly credit card information - traveling over a wireless LAN at a Best Buy store.
The post appeared Wednesday in a SecurityFocus.com e-mail list. It says that after purchasing a D-link WLAN card at a Best Buy store, the buyer installed the card on a laptop while still in the store's parking lot and discovered an unsecured wireless LAN connection. The source claims to have been able to intercept "...what looked to be like SQL queries and table headers in my logs... things such as CUSTOMER_ROUTEID, BANKNAME, REGISTER_ID and things of that nature...," as well as an apparent credit-card number in "clear text," the post says.
Advertisement: |
Minneapolis-based Best Buy Co. issued a brief statement: "Best Buy has deactivated our wireless temporary cash registers that transmit information via LAN connections. These registers are not Best Buy's main register terminals and represent a small percentage of transactions. Customer privacy is of the upmost importance to Best Buy and we will further investigate."
The wireless cash registers, which were on an IEEE 802.11b Wi-Fi network, reportedly were used only as backup for standard registers during busy times.
Wireless network security is notoriously imperfect, and stories abound about hackers driving around in cars and breaking into wireless LANs with easily obtained equipment. Experts have instructed users not to trust the out-of-the-box security provisions that vendors offer and employ additional security measures such as user identification/password, encryption and authentication.
Related wireless security news:
Wireless LAN security fix on tap from IEEE group
Network World, 01/07/02
Network World, 03/25/02
Network World VPNs Newsletter, 02/11/02
Researchers uncover wireless security flaws
IDG News Service, 02/05/01
RELATED LINKS
