Teemu Airamo Sheds Light on Vulnerability
In 2015, Teemu Airamo, is the CEO and Founder of digital media company Viveca Media and discovered something disturbing. Airamo discovered that more than 200 companies operating in the same shared WeWork had their devices and financial records visible on the building’s network, reports CNET. After reporting his discovery to the WeWork community manager nothing has changed—four years later.
Airamo knows nothing has changed despite trying to contact WeWork on multiple occasions. He runs Wi-Fi scans on the flexible office space provider’s network and still comes across financial records, business transactions, client databases and emails from the companies around his office.
CNET got to review the scans and saw that 658 devices. Including computers, servers and even coffee machines were vulnerable on WeWork’s network and spilled out a large amount of data.
The news of WeWork’s vulnerable Wi-Fi security comes at a tough time for the flexible office space provider. The company’s postponed their IPO recently due to a lack of investor enthusiasm. Chief Executive Adam Neumann stepped down this week after investors questioned how much power he had as well as how he ran the business. The news also shines a negative light on one of the cons of shared workspaces and multiple sources sharing a single Wi-Fi network.
Public Wi-Fi security concerns aren’t new, but the stakes are higher in co-working spaces like WeWork. This is because businesses are paying for numerous amenities—including Internet access. While WeWork lists “super-fast Internet” as one of its perks on its website, security is not mentioned. According to CNET, the issue is made worse because multiple WeWork locations use the same password for its Wi-Fi network.
“If you’re on an open network, that information could be leaking out there,” MerchGo Chief Technology Officer and security researcher Mike Spicer told CNET. “It’s basically open for the picking for anybody who’s in range to see that data.”
WeWork did not respond directly to Airamo’s complaint due to a government-mandated “quite period” due to the postponed IPO. It instead released a blanket defense of its security policy.
“WeWork takes the security and privacy of our members seriously and we commit to protecting our members from digital and physical threats,” a WeWork spokeswoman said in a statement. “In addition to our standard WeWork network, we offer members the option to elect various enhanced security features, such as a private VLAN, a private SSID or a dedicated end-to-end physical network stack.”
How Can Users Protect Themselves
While WeWork does offer stronger security measures, they come at an additional cost. The private VLAN the company spokeswoman alluded to in her statement costs $95 per month with a $250 setup fee. A price office network meanwhile costs $195 a month, per WeWork’s website. However, some say those high security measures should be part of the initial purchase.
“It’s a reasonable thing to provide a person a baseline level of security included in the package,” Spicer said.
WeWork’s biggest selling point—shared working spaces is also the reason its Wi-Fi network is not secure. According to CNET, the network password shows up in plain text on the WeWork app. And even though mostly members use WeWork, anyone can buy a day pass to get in the building and access the Wi-Fi password. The person would just need some sort of With Wi-Fi seeking equipment since WeWork does not have anything on its security to prevent the theft.
“There’s hundreds of people coming in and out every single day,” Airamo told CNET.
Users can take preventative methods, though. Airamo said he started to use virtual private networks (VPN) to safeguard his data. When the VPN slowed down his company’s Internet speed, he customized a Raspberry Pi computer to route his network traffic. The data gets verified through a blockchain ID, according to CNET. WeWork also provides preventive measures—for clients willing to foot the bill. The company provides wireless client isolation that prevents people on the same Wi-Fi network from seeing each other’s activity. As well as firewalls to stymie Wi-Fi scanning activities, according to Sanyam Jain. Jain is an independent security researcher and member of the GDI Foundation.
Firewalls for Office Spaces
“A Wi-Fi firewall can continuously watch for rogue traffic and automatically disconnect any new access points,” Jain told CNET. “Instead of depending on employees to use Wi-Fi safely, a Wi-Fi firewall can disrupt non-compliant sessions to prevent confidential data disclosure.”
Of course, WeWork could just have a different password at each location. Since they don’t, clients worrying about whether their data is safe or not.