When staying at a stranger’s private home rental on Airbnb, be on high alert when connecting your computer or smartphone to the home’s WiFi internet connection.
It could be infected by a past guest.
That’s the advice from Jeremy Galloway, a computer security researcher who highlighted the dangers during a presentation at the Black Hat cybersecurity conference in Las Vegas on Thursday.
Galloway noted how easy it is for a person who stays at an Airbnb rental to essentially poison the home’s WiFi router — and spy on the homeowner and their future guests.
A would-be hacker can simply grab the home’s WiFi router, hold down the reset button, then turn on a feature for remote access.
Any future guest then runs the risk of having someone gain access to their bank account, email, or anything else they do while staying at an Airbnb.
“Be aware. Be skeptical,” Galloway said during his talk. “Right now, the only thing an attacker needs to own your network is to walk in.”
His advice? If you’re a guest, use a protective service like a VPN when connecting online, or use your smartphone as an internet hotspot instead. If you’re a homeowner, lock up your WiFi router.
The notion that connecting to an unfamiliar WiFi network is potentially unsafe isn’t new. It’s common sense to avoid doing online banking — or checking sensitive communications — while connected to a coffee shop’s WiFi network.
But Galloway pointed out that people don’t tend to think of a private homeowner’s WiFi as dangerous territory.
Airbnb downplayed this issue, saying it advises homeowners to store WiFi routers securely and out of reach of guests. Homeowners are also advised to change the WiFi password after every guest.
“We take cyberattacks and identity theft very seriously,” Airbnb spokesman Nick Shapiro said in a written statement. “We advise all hosts to lock up personal documents and to put their mail on hold.”
Airbnb also indicated that a hacker wouldn’t be able to pull this off repeatedly because the company can look back and track past visits to narrow down its list of suspects — something it already does to help police catch burglars, arsonists and identity thieves.