Hoo-boy, did this article get my attention! Having recently returned from Denmark and an AirBnb rental, and about to go out the door to another in France, this article took me by surprise. I’m not a worry-wart, but I do travel about eight times a year, and usually frequent AirBnb properties. Of all the things I fret about with these accommodations (which I find to be uniformly acceptable), internet security was not on my radar, But this got my antennae up.
The internet and computing are such an important part of my everyday life that I immediately eschew a property if it doesn’t have WiFi, and a fast connection at that. And while I sometimes travel with a door-stop as a burglary precaution, I never once considered that I might be vulnerable to an internet attack – not so much by the rental host, but by a previous occupant. But according to the experts, that is an increasingly likely scenario. What can I do to protect myself, I ponder?
This is an alarming development, because AirBnb is such a convenient and homey alternative to cookie-cutter, impersonal hotels – not to mention being loads cheaper. I don’t want to digress from the theme of security, but with the sharing industry, you can have access to an entire home or flat for only a fraction of the cost of a hotel, and most of the time with more amenities and conveniences. Thus, I can travel, say, eight times a year for the comparable cost of four or five trips utilizing a decent hotel.
Now I must add another factor into the equation when it comes to travel – internet security and the risk of being hacked. Needless to say, I’m not thrilled at the prospect, which is especially disconcerting and discomforting to a not too tech-savvy baby-boomer such as I. Frankly, it’s the last thing I would think to get worried about. Theft amd terrorist attacks, yes. But now, in the sanctity of my vacation abode, I could be… well… violated!
At first glance, I thought that the threat might come from a property host. But a host risks losing over the long-term, because AirBnb is a very controlled, streamlined operation with great communication between hosts and renters. But I can see where a problem might arise with previous lodgers. From the information contained in the Guardian article, the latter assumption is confirmed.
As it relates to unknown networks, the typical home network is likely to be less secure than a coffee shop Wi-Fi, let alone a hotel internet system. Security industry expert, Jeremy Galloway, spoke before an interested assemblage of like-minded folks at a recent Las Vegas’ Black Hat conference. He said the threat facing short-term renters has never been higher, even claiming that the risk of hacking has never been greater.
“The media gets this wrong all the time,” Galloway said. “The biggest threats you face aren’t from some elite foreign government with zero days, it’s from simple threats.” An AirBnb rental, he points out is far less sophisticated security-wise than typical systems.
To highlight this, he related a personal experience while vacationing in Colorado,
“I snowboard like a Texan, and I wanted to lift my spirits, so I thought: ‘I’ll head back to the rental, and hack the network to mess with my friends’ browsing, Within five minutes flat, I owned the network.”
A coffee shop or similar public WiFi spot have long been seen as vulnerable, but they are sophisticated compared to an Airbnb situation. The main problem is that the router at the heart of a home network is almost always physically accessible to everyone involved: not only the potentially devious host, but also previous renters.
Galloway alludes to the attack as a “paper clip” attack because the attacker inserts oneself into the router which, in effect, lets any attacker gain full admin rights over the router. From thereon, all options are on the table for the attacker including a “man in the middle” assault that would route net traffic to the attacker’s computer to access long after he’s left the dwelling. He can wait as long as necessary for something valuable to come along. The host can obviate much of the potential damage by physically locking up the router in a safe or cupboard. Perhaps, in time, more will.
In the meantime, travelers like me will only have to hope that, by being a discerning renter, and carefully scrutinizing the history of a property and its owner, avoid potentially dangerous situations can be avoided. But, in this day and age, it is likely a problem that will get worse before it gets better. I’ll have to check with my colleagues at BestVPN to see if I can make myself safer or, at least less vulnerable. In the meantime, I’ll just have to pray, I guess.
Editor’s note: As a group of techies, the BestVPN team values Stan for his “everyman” perspective. As with any public WiFi hotspot, a VPN will protect you when using the WiFi provided by your AirBnB host. This is because a VPN encrypts all data as it travels between your device and the VPN router. Even if a hacker has full access to the AirBnB router (and therefore your raw data), he/she will be unable read it because the data is scrambled using strong encryption. The moral of the story? Always use a VPN when connecting to a public hotspot (including an AirBnB one!).