The three Amsterdam offices of WeWork have poorly secured the Wi-Fi network that they offer to tenants, according to research from NU.nl. This allows a hacker without too much trouble in the computers of tenants to steal sensitive documents.
WeWork, part of the American The We Company, is a company that rents office spaces to companies or the self-employed. The company has offices in 33 countries, including offices in the Netherlands, all three in Amsterdam. According to the website, the company had more than 600,000 customers worldwide in November 2019.
NU.nl conducted research at WeWork Amsterdam with the help of two cyber security consultants. Accessing the WeWork WiFi network was easy; for example, WeWork uses a very easy-to-guess password to secure the network. The password can be found via Google.
It is fairly easy for hackers to intercept encrypted passwords and to access computers from companies that rent from WeWork. In this way, an attacker can open and view sensitive files on the devices.
According to the experts, the attack "with some expertise in systems and networks" is not difficult to carry out. In addition, according to the experts, there is a lot of information on the internet about this type of attack.
Vulnerability can give access to secret files
It is also possible to see computers from other companies on the network. It turned out that a large Icelandic airline has a folder to share files with each other. A hacker can attempt to gain access to this shared folder and thus gain access to potentially secret files.
In addition, a number of printers were visible, including from a major international software provider. These printers would be relatively easily infected by a potential attacker. They can then, for example, print and scan themselves, but can also request copies of everything that is printed and scanned. The experts call it very bad that this is possible.
In total it was possible to scan around thirty connected computers. The experts found a handful of printers from different companies and a number of shared folders were also visible.
One of the printers that were visible at WeWork.
Solution for poor security
A WeWork spokesperson told NU.nl "to constantly take security measures" to improve security. In addition, the company says it will start rolling out new Wi-Fi systems in February. Each user is given his own password and wireless traffic is separated from different users.
In September 2019, CNET reported that WeWork had poorly secured its Wi-Fi network at locations in America that in 2015 a tenant could see sensitive files from other companies. At the time, an attempt was made to contact WeWork to improve security, but the situation there was unchanged in September last year.