“The biggest threats you face aren’t from some elite government with zero days, it’s from simple threats” – this is what Jeremy Galloway, security specialist, said at a Black Hat conference in Las Vegas.
What he meant by that is that using a public Wi-Fi network might be the last straw that breaks the camel’s back. Especially when we’re talking about home-sharing startups or even veterans in the field like Airbnb, the risks are exceedingly high.
Researchers and specialists all over the world claim that these short-term rentals now pose the highest risk when traveling. This is because the hosted Wi-Fi connection is not only accessible to all guests, but whatever is shared on the network is visible to anyone else as well.
The network password is passed on to large numbers of people who come and go, and sometimes you can find hackers among them. Since the password isn’t changed that often, the hacked network stays like that indefinitely, with countless visitors connecting to it.
What’s more, the real risk behind short-term rentals and their Wi-Fi networks is the fact that the home router is physically accessible to anyone in the location. This makes it easier for a hacker to gain complete access to the network and dominate everyone accessing it.
This can be done with a simple paperclip, like Galloway himself said. Stick a paperclip in the reset button of the router gives full control and admin rights to you because this procedure resets the credentials of the router.
The threat is real because, from then on, you can use a variety of ways to attack and take control of all the other guests. You can add a custom DNS server in order to perform a MITM (man-in-the-middle) attack and route the traffic through your own device even after leaving the establishment.
You can also set up an automatic service that copies the logs files from the router, so you can just wait until something worthy pops up on the network. In order to gain access to the stored credentials, just copy the backup files for the router.
If you’re using Airbnb or any similar short-term rentals, pay attention to whether the home router is accessible to visitors or not. If you can persuade your way to access it, then you have a problem on your hands.
Airbnb network routers can be easily hacked
You only need to have the most basic technical expertise to control the home router through a browser. Just find the assigned IP address, enter it in the address bar of your browser, and find the default login details of the router itself.
Using these credentials will give you control of the router and the network at the same time. Changing the gateway is something that most hackers would do once they own the network. For example, they can use a Raspberry Pi to ensure that all oncoming network traffic would be redirected through their device first.
This means that they will be able to collect all the data coming from all the other devices from the networks. Login details, browsing activities, confidential information, pictures, you name it. Everything is ripe for the taking.
With enough motivation, a hacker can use a single DNS server to create copies of web pages that are mostly similar to the real deal, Facebook or Gmail for example. From then on, it’s just a matter of persuading the other users into entering their login details. It’s very hard to notice the difference between the real web pages and the fake ones, so most people get duped.
While the probability of this happening is quite narrow, the facts remain – any Airbnb visitor can easily use a hidden device to collect credential and private information over the network without being noticed. Either the router password is changed or the device itself is discovered, these are only two ways a hacker is found out.
If you really have to use the internet while on a vacation, and you have no other solutions on hand, you can try the following:
- Create your own Wi-Fi hotspot network and use a cable to tether your laptop to the phone. Cellular networks are usually very secure, so the risks of getting hacked are brought to a minimum
However, you only have limited data to burn through if you don’t want to receive penalties. Streaming any video content is out of the question. Loading up large files filled with images or PowerPoints presentations will weigh heavily on your data meter as well. You’ll be limited to checking your email and surfing the web for the simplest of information.
However, your private information is safe, you don’t leak any sensitive data, and no hacker is keeping track of your activities.
- Consider using a VPN. This way, even if your data is intercepted when using the Airbnb’s public Wi-Fi network, the hacker will only be able to see bits and pieces of fractured information that he won’t be able to piece together.
The VPN’s top-notch encryption and many security measures are there to protect you from any invasive attempts, and to put a stop to cyber-criminals having their way.
The downside to this is that any VPN will lower your speed by quite a bit. It all depends on the online security provider itself, as well as the proximity to the server. In any case, you’ll be able to do simple activities such as checking your email, watching the occasional YouTube video or conduct your banking transaction.
The good news is, you can do whatever you want on the internet now because you know you’re safe and protected.
In the end, I advise you not to use Airbnb Hosts’ free Wi-Fi because the risks of being hacked are too great. If you really need to, use a VPN. That will mitigate any potential dangers.