IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Privacy Risks Grow With Wireless Tech

Best Buy quit using wireless registers after reports to a Web site about a cracker obtaining a credit card number from the transmission of data.

NEW YORK (AP) -- Wireless networks are appearing with increased frequency at coffee shops, colleges and even retail stores, and their popularity is raising concerns about threats to privacy.

Just this week, Best Buy suspended use of wireless cash registers over concerns that eavesdroppers could obtain credit card numbers and other customer data by sitting in the parking lot with the right equipment.

"There are two sets of problems," said Ryan Russell, senior threat analyst for SecurityFocus.com in San Mateo, Calif. "Security measures built into most of these security standards have been broken. Second, people are just putting these [systems] in and not even trying to use the security measures."

Wired networks are often insecure as well, but, generally, someone has to get physical access to the wire or break an Internet security firewall. With wireless, someone only has to get close enough to pick up the signal, which can travel several hundred feet.

Brian Grimm, a spokesman with the Wireless Ethernet Compatibility Alliance, acknowledged that there were problems with the encryption that comes with the common and increasingly popular wireless standard known as 802.11b, or Wi-Fi.

But he said other security measures -- such as virtual private networking -- could be added.

"People need to protect [systems] commensurate with the value of the data," Grimm said. "As with any new technology, it provides benefits but there are responsibilities affiliated with it."

In the case of Best Buy, wireless devices allowed a store to quickly set up additional registers in a specific department when the regular checkout lines got too long. The devices use Wi-Fi.

On Wednesday, an anonymous user claimed on a SecurityFocus e-mail list to have grabbed a credit card number from Best Buy's system.

Laurie Bauer, a Best Buy spokeswoman, said security officials were "aware of the possibility" and decided to suspend the wireless registers after the posting. She confirmed that credit card numbers were among the data potentially sent through the wireless system.

She did not know what specific security measures had been in place, but said the company was now exploring encryption for wireless devices.

"Customer privacy is of utmost importance, and we are investigating why this happened," she said. "They were taken offline until we determine how to handle it securely."

Bauer added that wireless devices were used in at most one or two of the 30 or so registers at each store and that that no customers had complained. Best Buy operates more than 400 retail stores throughout the United States, and all had wireless capability.

The use of wireless networks has grown considerably in recent years.

Cahners-Instat estimates $2.4 billion in Wi-Fi sales this year, up from $1.9 billion last year and $660 million in 2000.

Companies and universities build entire computer networks around them to avoid having to drill holes and lay wires in existing buildings. Manufacturers, warehouses and retail stores use wireless scanners and other devices to track inventory.

Many airports and Starbucks coffee shops have wireless networks for traveling Internet users, while Apple and other high-tech companies market devices for setting up networks at home.

Richard M. Smith, former chief technology officer with the Privacy Foundation, said security is often an afterthought.

In the corporate setting, he said, someone with a laptop, a wireless card and software known as packet sniffers could potentially get passwords and confidential documents sent via e-mail.

"This would be perfect for industrial espionage," Smith said. "You could just sit in a car with a laptop and record everything."

Patrick Wheeler, product manager for wireless security at Internet Security Systems, said some tax preparers set up offices quickly by using wireless networks. He said Social Security numbers and income information sometimes went over the air with little or no security.

In the residential setting, someone could monitor "incoming and outgoing e-mail, what Web sites you are going to [and] all the files you are transferring," said Wayne Slavin, web master of NetStumbler.com, a wireless information site.

Hackers can also use unsecured wireless access points, be they home or office, to launch attacks.

Or they could get "information in your Quicken or money program that has all your account numbers," said Rick Doten, wireless product manager for Netsec Inc., a security company in Herndon, Va.

Copyright 2002. Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Sign up for GovTech Today

Delivered daily to your inbox to stay on top of the latest state & local government technology trends.