Why You Shouldn’t Use WiFi at an Airbnb Rental

The threat exploded at the most recent Black Hat conference when security expert Peter Galloway  proclaimed what he had done on a recent vacation: he went back to his Airbnb rental and attacked the WiFi network.  “Within five minutes flat, I owned the network.” Galloway proudly Said.

What Galloway is actually saying is that – after he took control of the network – he also owned just about everybody and anybody who used it to browse or to send emails. That means your every online move probably is his to see if you are also on that network. Essentially, your personal banking, your private email, your contacts, your every private thought is his. Eeeek!

Although, there are ways to protect yourself and your loved ones when. Thanks to Robert McGarvey of MirMay blog, below are options that SHOULD keep your data safe and secure.

The problem with vacation rental WiFi

Understand this first, however: this vulnerability is not unique to Airbnb. Any short term rental has the same susceptibilities. That means Vrbo, Homeaway, you name it.

Also know: this is a lot worse than the risks on hotel WiFi and those risks are so big that many experts have long advised travelers just to ignore the public WiFi in a hotel room or lobby.  But WiFi in a short-term rental may be dramatically more dangerous.

That’s because the bad guy usually will be able, easily, to physically access the router – and have his way with it.  In many cases, a paperclip is all that is needed to gain permission to reset the router. From there, the bad guy can do whatever his evil heart desires.  For instance, he can add a custom DNS server that in effect routes all network traffic through his own computer. That can persist for weeks, months, maybe years – because how often do you think Airbnb hosts exam their routers for security issues?


What do you need to do to protect yourself?

Start by asking the host where the router is. Offer a pretext: I’m having trouble connecting, let me see the router and I’ll know if I need to do anything special on my end. If the router is publicly accessible, you need to go into defense mode. If it is under lock and key, it’s your call – but if you easily talked your way in to see it, know that a criminal could do likewise. That’s why, without precautions, we cannot recommend using WiFi in a sharing economy lodging – even if you personally are friends with the owner (because how is he/she to know a past guest has not seized control of the router?).  In fact, even if you are the owner.

You have two options when it comes to using WiFi at a shared economy lodging.

Option 1: Do not use it.

Create a WiFi hotspot on your phone and tether a tablet or laptop to it.

On iPhone, open SETTINGS, click Personal Hotspot, slide the button to on.  Done.


On Android, open SETTINGS, under Wireless & networks, click more….then click Tethering & portable hotspot.  Slide to open the hotspot.


Your data will ride on the cellular data network – not the accommodation’s WiFi – and cellular networks usually are very secure.

The one downside: you can go through a lot of data using a hotspot. Don’t even think about streaming video and, honestly, songs, even large images and the occasional gargantuan PowerPoint will ding your monthly data charges. Stick with email, using simple apps, a little web surfing, tho, and a hotspot is fine.  It is what most security professionals turn to in their worried moments.

Option 2: Use a VPN.

Rocket VPN is free for light users.  The plus of a VPN is that it encrypts your data so that even if it is intercepted – and it will be when a criminal has hijacked the router – all the crook will see is computer gibberish.

The one downside of VPN: you may see a hit on speed but, honestly, you probably won’t notice it if doing routine tasks like sending email, posting to Facebook, and conducting mobile banking.

The good news: either of these avenues will let you stay in an Airbnb lodging knowing your data is safe. They are safe, they work, use them to travel more securely no matter where you stay.


We stand behind Mark’s recommendations, and if you have any additional questions please don’t hesisitate to contact secure sense for professional advice.

Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.

You can find Secure Sense on Facebook,  LinkedIn and Twitter. Follow us for current company and industry news.

Original post.