santos_douglas's Journal: Warparking Wireless Retail POS Terminals

SecurityFocus is running this article about the recent arrest of two Michigan men who parked their Grand Prix outside a Lowes home improvement store and were able to access and disrupt their unsecured WLAN. The network admin and ITT Tech student were able to intercept 6 credit card transactions, poke around the internal network, attempt to modify some software, and disrupt the operation of registers in stores as far away as California, South Dakota, Kentuky, and Florida. Officials were glad to report that they had not compromised the main credit card database. Both now face up to 10 years/$250,000 in fines. We all know about the inherent insecurity of wireless, but I find it particularly disturbing to know that major retailers are transmitting credit card transactions from registers completely in the clear all over, reportedly at Best Buy, Home Depot, Sears, Target, CompUSA, and Circuit City. This comes close on the heels of the first wireless criminal conviction of a North Carolina man intercepting medical records.