Study: Many Retailers Vulnerable to Hacking

New York, It was reported Thursday that half of more than 3,000 retail stores that a wireless security company secretly monitored at major shopping areas in the United States and Europe use wireless data systems vulnerable to hacking.

AirDefense Inc., an Atlanta-based maker of security products for wireless data systems, found that about 25% of the stores’ 4,748 wireless access points were exchanging data with no encryption at all to foil electronic eavesdroppers.

Another 25% were using an outdated encryption method called Wireless Equivalent Privacy that is easily cracked by thieves using widely available tools.

The remaining half of the access points—the connections between wireless devices and computer networks—were using newer encryption methods that are considered much harder to crack.

The six-week undercover project—conducted at shopping areas in Atlanta, Boston, Chicago, Los Angeles, New York, San Francisco, London and Paris—attempted to expose security holes in wireless networks that are increasingly used to transmit data inside stores.

Wireless systems are believed to have been the entry points for recent large-scale data thefts at retailers, including a massive heist at discount retailer TJX Cos.

AirDefense privately notified retailers when it found major security flaws. It is not disclosing the names of individual retailers to avoid drawing hackers' attention.

Representatives for the National Retail Federation and credit-card associations Visa and MasterCard declined comment.

A spokesman for the credit-card industry organization that sets payment-security standards said wireless safeguards are key.

"We are working closely with retailers to identify and mitigate issues related to wireless technologies in payment environments and evolve the security of this technology," said Bob Russo, general manager of the PCI Security Standards Council.