Airbnb goes to lengths to protect guest and host security through its rating and reputation system. But there's one glaring weakness: Wi-Fi networks. Once a guest has physical access to a device, it’s usually game over, security-wise.
Public Wi-Fi is dangerous, and you should never connect to it unless you really know what you’re doing. If you’re not aware of the dangers, you should read this excellent piece by Maurits Martijn, after which you will be suitably terrified. In short, if a hacker is on the same network as you, they can snoop everything you do, and send you to fake sites without you knowing it. They could spoof your bank’s login page, or steal your email password. And that’s just if they’re on the same network. If you have access to the router itself, you can wreak all kinds of mischief.
In your average Airbnb rental apartment, the router is probably sat on a side table near the phone socket, just like the one you have at home. As a renter, you can now do whatever you want to it. Even if the settings are password protected, all it takes is a paperclip in the right hole to reset a router to factory settings, and then you can just Google the default password for that model.
Security engineer Jeremy Galloway decided to take over the router of an Airbnb apartment he and his friends were renting for a ski trip in Breckenridge, Colorado.
"In just a few minutes, he says he gained complete control over the network," writes Lorenzo Franceschi-Bicchierai for Motherboard, "and was able to force his friends to visit cat GIFs and meme websites whenever they tried to access Google, Facebook, or any other site."
It would be trivial for a malicious hacker to compromise the router and use it to collect passwords, for instance. And a hacked router would sit there, collecting information from all subsequent guests, until discovered and fixed.
It’s not just the guests that could hack a router either. The owner of the apartment might decide to spy on their renters, too. Either way, you should be careful.
"When you’re traveling and you’re on an unfamiliar network, you should behave like it, and not behave like when you’re at home," Galloway told Franceschi-Bicchierai. "You don’t use the Airbnb toothbrush, and you should probably think twice before just jumping on their network and putting your bank credentials in there."
Homeowners, too, can protect themselves. One option is to lock the router away, in a closet or in a locked box (although a metal box might act as a Faraday cage, blocking the Wi-Fi and making it useless). Another is to reset it yourself every time you swap guests. But perhaps don’t go too crazy worrying about this. After all, you’re letting people stay in your own home, and they could do far more damaging things than hacking your Wi-Fi. Just be careful, the same way you don’t leave the family jewels on the kitchen table when you welcome new Airbnb guests, and you should be fine.
Have something to say about this article? You can email us and let us know. If it's interesting and thoughtful, we may publish your response.