study of the wireless airwaves at hundreds of Las Vegas retailers and hotels/casinos. AirDefense found the majority of retailers in Las Vegas using strong encryption protocols to protect data with 65 percent of the 640 Access Points (APs) discovered encrypted with Wi-Fi Protected Access (WPA) or WPA2. In stark contrast, 82 percent of the 1,557 APs discovered in Las Vegas hotels/casinos were using either no encryption or Wired Equivalent Privacy (WEP), the weakest protocol for wireless data encryption.

AirDefense conducted its study of retail shops, hotels/casinos by capturing the data as it leaked out of the buildings. While consequences of the wireless security vulnerabilities found in AirDefense’s Las Vegas study are difficult to quantify, unauthorized individuals with a desire to steal consumer information, retailer data or to disrupt networks are likely to look for the weakest link in the network, such as mis-configured access points.

AirDefense’s recent retail survey in San Francisco illustrates a trend of enhanced wireless security protocols in place as more than 60 percent of retailers use WPA or WPA2. For more information, log onto: http://www.airdefense.net/newsandpress/04_04_08.php. Retailers in Las Vegas and San Francisco are using enhanced encryption protocols well above the national average of 49 percent found in AirDefense’s groundbreaking “2007 Retail Shopping Wireless Security Survey” unveiled in November 2007 (http://www.airdefense.net/newsandpress/retail_pressrelease.php)

On the downside, many instances were discovered where retailers continue to use their store name in the Service Set Identification (SSID). An SSID is the name assigned by the equipment vendor to the wireless network during installation. SSIDs can easily be reconfigured but often times are not. Store SSIDs emit a broadcast signal for potential intruders to quickly pick up and fraudulently connect to default settings that haven’t been changed. In addition, AirDefense discovered high levels of data leakage as wireless functionality was added and left unprotected increasing the risk of exposing point-of-sale information and consumer credit card information.

“What was most surprising in studying hundreds of locations in Las Vegas is that as serious as retailers are taking wireless security today, the same can’t be said in the majority of hotels/casinos as most are making a poor attempt to secure wireless communications,” said Richard Rushing, chief security officer, AirDefense. “The most egregious findings were unencrypted APs set up to give hotel/casino guests Wi-Fi access, but at the same time giving intruders an opening to expand their beach head to troll for sensitive customer or corporate data.”

Additional Retail Study Anecdotes:

1. A greater number of high end retailers are offering free wireless to customers, inviting more traffic into stores. However, many consumers simply fail to turn on the encryption features of their personal wireless devices.
2. Poor selection of SSID or use of default SSID for applications such as “POSwireless” and “Air Retail.”

Additional Hotel/Casino Study Anecdotes:

1. Rogue APs present a huge threat with many interference and performance issues percolating creating the perfect cover for hackers.
2. Unencrypted and encrypted wired sided leakage of security protocols (Spanning Tree, HSRP, CDP, VTP, DTP, VRRP, and NetBios, is a critical problem in the hotels and casinos as a leaking path is not just one way, it’s bi-directional, what leaks out can leak back in.
3. Many of the hotels/casinos have deployed some of the newest wireless switches and AP hardware and are some of the only sites discovered to be using 802.11a.
4. Hotels/casinos along the strip are battling between high powered outdoor wireless networks and internal wireless networks.
5. A minimal amount of mis-configured APs were discovered as had been seen in past surveys. However, Linksys, Netgear and Dlink were found playing the role of rogue APs.
6. Numerous interference and performance problems were discovered with the wireless networks throughout the city.

Information Source:    Business Wire