Best Buy hit by WLAN snooping

[InfoSec News <isn () c4i org>]

http://www.theinquirer.net/02050207.htm

By Mike Magee, 02/05/2002 09:02:29 BST

US RETAIL FIRM Best Buy was forced to close its wireless network
yesterday after people were able to snoop on transactions by using
easy-to-obtain software running in laptops in parking lots.

Best Buy uses wireless technology to transfer data from cash tills to
central computers in their shops, but people are easily able to grab
packets containing all sorts of confidential data including credit
card details by tuning into the wireless waves.

One hacker on a board said that he had fired up Kismet outside a shop
last week and bought a unit with his own credit card to see what info
was transmitted.

He said that when he searched the logs he saw SQL queries and table
headers in his log including his own credit card number.

He tried a number of other Best Buy stores and his software was able
to pick up lots of other transactions from customers flying on the
airwaves.

WLANs are notoriously insecure, although safeguards can be built into
them.

Because the technology is comparatively cheap and also fast, it has
been touted as an ideal solution for large businesses wanting to save
money on their IT infrastructure.

At this year's Intel Developer Forum, the firm was dishing out loaned
WLAN cards to the world's foremost journalists, many of whom were
happily typing their stories and sending their emails under the
protective cone of a Chipzilla hotspot.

We wondered if this was necessarily a good idea at the time. Top
datacomms journalist Tony Dennis said that when Intel did a similar
thing at last year's Developer Forum, he noticed that the system was
inherently insecure.

Oops...



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.