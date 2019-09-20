Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

WeWork's WiFi Security Worryingly Weak

A lack of security on WeWork's WiFi network has left sensitive user data exposed.

In August, Fast Company revealed that WeWork had used the same WiFi password at many of its rentable shared co-working spaces for years, a password that appears in plain text on WeWork's app. 

The security of the real estate company's WiFi came under further criticism yesterday when CNET reported that the network's poor security had left sensitive data of WeWork users exposed.

Evidence of the exposure was provided by Teemu Airamo, who has been routinely running security scans on WeWork's WiFi network since May 2015. Airamo's scans, which were reviewed by CNET, show nearly 700 devices, including servers, computers, and connected appliances, leaking bank account credentials, email addresses, ID scans, and client databases, among other data.

Airamo said that multiple attempts made by him to alert WeWork's upper management to the security problem were met with indifference. 

WeWork has around 527,000 members renting out its 833 spaces in 125 cities around the world. The company filed for an initial public offering (IPO) in 2018. However, earlier this week the IPO was postponed until the end of the year after the company's reported valuation fell from $47 billion to under $20 billion. 

A spokesperson for WeWork said: "WeWork takes the security and privacy of our members seriously, and we are committed to protecting our members from digital and physical threats. In addition to our standard WeWork network, we offer members the option to elect various enhanced security features, such as a private VLAN, a private SSID, or a dedicated end-to-end physical network stack.

"We are in a quiet period and can't comment beyond this statement." 

Commenting on this report, Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposure Research Team, said: "For the most part, as people connect to networks with shared passphrases, they are opening their devices up to be tricked onto a rogue wireless network where the attacker can connect to exposed file sharing services and tamper with connections to load fake websites.

"My recommendation for concerned WeWork customers is to set up a VPN for their own private use."

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Duo Indicted in $10m Tech Support Scam Case

2
News

MITRE Names 2019's Most Dangerous Software Errors

3
News

Lion Air Breach Hits Millions of Passengers

4
News

Senior Execs Shun Cyber Risk as Concerns Grow

5
News

Vacationers Hit by Skimming Attack

6
News

Barclaycard: So Far, So Good for Strong Customer Authentication

1
News

City of Los Angeles Teams Up with IBM to Fight Cybercrime

2
News

WeWork's WiFi Security Worryingly Weak

3
News

US Air Force Bids $95m Cybersecurity Contract

4
News

Republicans U-Turn to Back $250m Election Security Boost

5
News

Senior Execs Shun Cyber Risk as Concerns Grow

6
News

Duo Indicted in $10m Tech Support Scam Case

1
Webinar

Preventing Email Data Breaches: A Modern Approach

2
Webinar

The Key to Successful Cybersecurity Projects: Asset Management - Asking the Right Questions

3
Webinar

Mitigating the Spear-Phishing Attack Threat

4
Webinar

The Insider's Motive: Defending Against the 7 Most Common Insider Threats

5
Webinar

Common IAM Fears and How to Overcome Them

6
Webinar

Moving from FTP to MFT for Security, Functionality and Data Transfer Compliance

1
Interview

Interview: Matt Davey, COO, 1Password

2
Opinion

The CFO’s Perspective: Steps to Quantifying Cyber Risk

3
News

#44CON: GPS Trackers Hacked to Make Premium Rate Calls

4
News Feature

Infosecurity Magazine Online Summit 2019: A Preview

5
Blog

Security by Sector: Charity Workers Least Likely to Receive Email Security Training

6
Opinion

Debunking Five Myths about Zero Trust