By now, you are no doubt familiar with short-term rental sites — AirBnB, Homeaway, and the like. Many of you reading this have used them, whether as guest or as host.
The business model of these sites has truly disrupted the travel industry and made travel more comfortable and accommodating for groups of friends and families. Having stayed in a few of these properties, I have always found it interesting how easy some of the homeowners make access to their personal items, including their Wi-Fi.
So, when I saw a panel listed at Black Hat entitled AirBnBeware: Short Term Rentals, Long Term Pwnage, I had to pop in for a listen. The speaker, Jeremy Galloway, opened by noting that his talk was inspired by a trip with friends during which he wanted to mess with their web browsing by hacking into the router. He figured it would take a few hours, but thanks to the homeowner of the bed-and-breakfast where they were staying, he was able to do it much quicker. The router was out in plain sight, so Galloway could plug his computer directly into it.
Why does this matter? More than 60 million guests stay in AirBnB locations over the course of a year, and the company boasts more than 2 million locations around the globe. Even without adding in numbers from other short-term-rental sites, that is a lot of people coming and going! That kind of volume means risk exposure could be quite large — even for people who stay just once in just one of these properties.
The talk itself was engaging and entertaining, but it did highlight a real problem for many people around the globe. We talk all the time about why you should avoid free Wi-Fi or be extremely careful while using it and how you should secure your home network — because we want you to be safe in your daily life. However, we also want you to be safe when traveling, and it’s important to know that when you are using someone else’s Wi-Fi, you never know who has been or is still lurking on there. The session offered some tips that we summarize below for both renters and homeowners.
Before you rent, consider:
1. Do you really need the Wi-Fi? Seriously, do you need to be on Wi-Fi on your vacation or can you live with using your mobile network and watching the homeowner’s cable?
2. If you answered yes to number 1, think about using your phone as a hotspot. If you do that, remember that you will be using your data plan, so keep an eye on your usage and download judiciously. You can also use a VPN to help you with a secure connection.
3. If you need to do online banking, use your bank’s official app, which will verify the connection.
4. Stay skeptical. Yes, we sound like a broken record, but you should always be aware of your physical and digital surroundings when it comes to travel. If something does not feel right, err on the side of caution.
Before renting out your house, remember:
1. Never allow access to your home network. If you are taking in lodgers, install a separate guest network. This will give guests the Wi-Fi they crave while also allowing you to keep your home network free of intruders.
2. Change the default passwords. Most routers have the admin key on the device — many are “admin” and “password” or similar. Changing this is a start to making your home network secure.
3. Secure the router. Your router and network are valuable. Keep the router in a locked closet or cabinet — or, if you do that, buy a locking case to add an extra layer of deterrent to any would-be hacker.
4. Start fresh. If you are renting your home out regularly, you may also want to consider backing up and resetting your router every few months.
5. Add security best practices to your welcome note. Many short-term rental owners leave a note for renters alerting them about places to go or things to see when in town. Add a few pointers on staying digitally secure to them and advice to your guests to practice good cyber-behavior.
Ultimately, both parties need to make security a priority. Sure, it is an extra step, but so is locking your front door. With the explosion of short-term rentals, you’re safest assuming criminals are always looking for another quick and easy mark, and there’s no reason it should be you.
