A couple of weeks ago, I told you never to use the smartphone/laptop chargers in airports. They will hack you. Now I have another warning for you. Never use the WiFi in your Airbnb. Don’t take my word for it, listen to Jason Glassberg, an “ethical hacker” and co-founder of Casaba Security.
Staying in a stranger’s house means you inevitably make yourself vulnerable to some risks, including scams, hidden cameras and discrimination. It can be hard to let your guard down while renting an Airbnb ― and you shouldn’t, even if everything seems to check out. That’s because there could well be another danger lurking in your rental that’s harder to detect: the Wi-Fi.
You probably know to use extra caution when using public Wi-Fi networks such as those at your local coffee shop or the airport. Even when a password is required to access the network, you’re at risk of a number of different kinds of attacks. A common one, is the “evil twin” attack, which involves setting up a fraudulent Wi-Fi access point that looks legitimate.
Users enter their credentials to log on or are directed to a malicious site that looks like the one they intended to visit but is actually secretly capturing their information. Similarly, a “man in the middle” attack allows hackers to essentially eavesdrop on web traffic and gain access to sensitive information the users believe is being shared privately. Someone can easily set up the very same infrastructure in the rental property.
It doesn’t take an ill-willed host for this to happen, either. Frequently, it’s past guests who have compromised the Wi-Fi. Unlike at your local coffee shop, a router in an Airbnb is often left out in a common space with no supervision, allowing anyone who stays there to tamper with it.
Hacking a Wi-Fi router can be as easy as using a paperclip to reset it and gain admin control. From there, scammers can review the router’s backup file for the credentials it’s stored, or reroute traffic to a personal computer where they can collect valuable data months or years later.
The Wi-Fi router isn’t the only way hackers can steal your data. There are a variety of devices often found in an Airbnb that can appear to be an added convenience but are really there to capture your information. For instance, a host might leave a tablet or desktop available to guests so they can check email or catch up on Facebook. Maybe there’s a smart TV that allows you to log into your favorite streaming service. All of these devices can be used to harvest user credentials with a simple key logger.
One of the big problems is password reuse. People will use the same password for their Amazon account, Gmail, Netflix, etc. The thing to remember is that these smart TVs are really computers stuffed in the back of a television. They can easily have things like video cameras, and they have online conveniences like Netflix. So, by capturing one set of credentials, it is likely that they could be reused somewhere else. Even an item as innocuous as a shared printer can pose a threat. Scammers can hack into the printer to view documents that have been sent to it or even install malware that lets them control it remotely.
Unfortunately, opting for a regular hotel won’t eliminate the risk. Hotels present a much wider net for hackers to collect information because there are a lot more guests. The payoff also is potentially higher, because more guests mean more people entering credit cards, etc.
There are a few easy things you can do to protect your sensitive information while using Wi-Fi. First, keeping your devices and computer up to date with the latest patches and software is the most important thing, whether you’re logging into your own network or somebody else’s. If you must use the Wi-Fi, consider going through a virtual private network (VPN). Another option is to use your phone as a hot spot, which creates a secure Wi-Fi network you can log onto with your laptop or other device.
Avoid visiting sensitive websites or performing financial transactions on an unknown network. For example, you’re probably fine checking the news, but don’t log into your bank account or PayPal a friend. At the end of the day, any infrastructure that’s not your own should be treated with a great deal of suspicion.
My WiFi went down during family dinner tonight. One kid started talking and I didn’t know who he was