Short term rentals have grown exponentially over the last five years. This market is said to be a $100 billion industry, on track to be worth $170 billion by 2019. At the BlackHat Conference in Las Vegas, Jeremy Galloway pointed out the specific threats to wi-fi security for the millions of travelers using the internet while home sharing.
Galloway is a Security professional for software giant Atlassian who has worked to solve security problems for over a decade. In his presentation, he stressed that yes, the innocuous router sitting at your Airbnb is worth hacking and that in fact, it's these simple, widespread threats that can cause the most damage, not the threats from elite foreign governments, as the media would have you believe.
Here's how to understand and mitigate this threat, and keep yourself safe when getting on the wi-fi at your Airbnb – or any of the dozens of other short term rentals available as you travel.
Why Wi-fi Security at a Home Is No Better than at a Hotel
Ask a room of security professionals, like a group of BlackHat attendees, whether they are willing to connect to wi-fi without using some secondary form of protection, and the answer will be a resounding “No.” But plenty of business travelers operate under the assumption that wi-fi security is increased at an Airbnb as opposed to connecting to the same network as hundreds of other visitors.
Well, it's not.
When you connect to a router, you're potentially connecting to anyone who has had access to the router before you. Even if it seems like your browsing session was safe: no threats detected, no ghouls appearing on your screen — it's the access to your system for future use that creates the potential for harm.
Long after you return home, the monitoring of your traffic is one way you've become a target. The hacker sees that you've just purchased shoes on Zappos, and you receive a spoof email asking you to update credit card information. It's noted that you're in the middle of a real estate transaction, and you're sent wire instructions that appear to be from the other professionals you're working with.
How to Protect Your Data While Connecting to Wi-fi
According to the US Department of Homeland Security, the potential impacts of a compromised network include “…exposure of sensitive information, modification of trusted data, and injection of data.” Don't let this happen to you, no matter where you're connecting.
You can use protection while traveling, working as a digital nomad, or settling in at a coworking space by using one or all of the following:
- Verify that the physical security of the server you're accessing is intact: Is the router or DNS physically inaccessible? Depending on the locale, you want to know it's at least in a locked enclosure. Other Fort Knox-type measures that can be taken include EMF blocking and seismic sensors. But really, at the very least the router should be locked and the reset button should not be accessible.
- Get yourself a trusted free VPN. For casual or occasional use, you can encrypt your own data while connecting to Wifi. There may be limits, though, on how much data or how much time you can use. Read our review of one of these, Hola VPN. To get more serious, see #7.
- Do your sensitive surfing on your mobile. If you've got to access your banking app, for instance, use your data plan and access that app off Wifi. Period.
- Tether to 4G/LTE. Use your own hotspot if in doubt. This allows you to get your laptop online without worrying about compromise.
- Never use plaintext authentication. What's plaintext auth? When you connect to HTTP, FTP, Telnet, POP3, SMTP, LDAP, or VNC, you're connecting across unencrypted servers. It's assumed that when you're connecting to these types of servers, that your setting is already secure and your access has already been validated. As such, you should only visit sites like this while at home – or you should be sure that you're not accessing any sites that require a login or that transmit potentially identifiable information about your traffic. To know you're secure, check for an HTTPS or SFTP setting.
- Use Two Factor Authentication for your cherished data. Find out if a website supports 2FA by searching for it here. This means that even if your Wifi is compromised and someone is monitoring your traffic, they'll only have one piece of the access puzzle.
- Buy your own anonymous VPN plan. This is the most serious way to protect yourself while using any Wifi and can actually remove the need to be concerned about the other options listed above. When using an Anonymous VPN, you will encrypt all of your traffic, even if visiting insecure sites on questionable networks. You've got to do your research and trust your VPN provider. Read our review of Cyberghost VPN.
How to Provide Wi-fi Security for Visitors
If you're putting your own property on the short term rental market, you probably know that in addition to pillows and towels, you've definitely got to offer wi-fi for your guests. But admit it: You spent more time choosing potpourri and doormats than you did researching how to purchase, setup, secure, and install the router. Literally anyone can be a hacker — a bored teenager who opted to stay in for the day rather than going sightseeing with the fam — and it's insanely easy to breach the security of a wi-fi router.
- Lock it up! You've seen those plastic cases that prevent the hot-and-cold wars in public office spaces by preventing access to thermostats. Do the same thing with your router! In fact, save money and buy an enclosure that was designed for a thermostat. Your visitors should not be able to access the router in any physical way, including the ability to hit the reset button with a paper clip.
- Edit the administrative capabilities. Only you should be able to access the router remotely. If you don't set this up, anyone will be able to reference the default settings for your router and become the new administrator. So, yeah, this means that if the wi-fi goes down, your renter can't just manually reboot the router. Don't swap wi-fi security for convenience. You can remotely reset your router by accessing it with the admin settings that you set up.
- Every manufacturer offers online access to their manual. Follow the instructions to reset factory defaults.
- Additionally, check your router's instructions for creating a filter so that only YOU can remotely manage the router.
- Create a different network for your visitors. Buy a separate router with a different wi-fi setup than your personal connection. Don't share your wi-fi.
- Routinely back up and restore your router settings. You don't have to do this after every visitor, but a routine refresh is in order to thwart any potential hacks. Reference your router's support documentation — and again, it's going to be online.
- Add an Online Safety section to your welcome note. You've enclosed a personal note to your renters, telling them where to find the best coffee and maybe you've even left them a little mason jar of homemade jam. Great. Also, share some tips with them to keep themselves safe online — education helps everyone stay safe. This threat isn't going away soon. Print out some of the tips above for your renters, or share this link with them!
With 60 million users on Airbnb alone, chances are you will stay at or provide a short term rental sometime this year. Whether it's with Airbnb, HomeAway, VRBO, or any other service — these rentals provide millions of global opportunities for cyber attack. Follow these steps and keep your data secure.