Contents:
People have been travelling for thousands of years, whether out of necessity (for commercial, educational, governmental or religious purposes) or curiosity, so lodging and food became basic necessities a long time ago. Nowadays, accommodation options are multiple, one for every taste and pocket: hotels, apartments, campsites, lodges, villas, resorts, inns etc. Today, one of the tourism industry’s revolutionary innovations is Airbnb. How does Airbnb work? Is Airbnb safe from a cybersecurity point of view? We’ll discuss all these aspects below.
How Does Airbnb Work?
Airbnb was founded in August 2008 by Joe Gebbia, Brian Chesky, and Nathan Blecharczyk and has its headquarters in San Francisco, USA. The Airbnb concept took shape a year before that, when Joe and Brian could not afford to pay the rent for the apartment they were living in at that time. Consequently, as Dr Hayley Stainton says, “They transformed their living room into a bedroom in order to ‘share’ their home with three guests and provided them with homemade breakfast. “ More details on their journey can be found in the picture below:
How does Airbnb work? Dr Stainton explains:
It is a two-sided platform that facilitates the process of letting out and booking a property for travellers to stay in. […] On the one side, Airbnb provides the opportunity for homeowners to list their accommodation on the Airbnb app, which yields a rental income. On the other side, it provides travellers with easy access to a wide range of accommodation options. In a recent campaign, Airbnb promoted the experience as not just visiting a destination, but ‘living’ there. Airbnb claims that you can ‘feel more at home’, mix with locals and gain a more authentic travel experience by staying in the homes of others instead of in a traditional hotel.
Is Airbnb Safe? Accommodation Cybersecurity Concerns
Before trying to answer the question “Is Airbnb safe?”, one must have a general look over accommodation security concerns. Hotels, for example, would seem the most organized, but what happens there in terms of cybersecurity? Well, hotels are perfect data breach targets – they collect names, addresses, passport and identity documentation, credit card information etc. If you’re wondering “How common is it for hotel guests to have their data stolen?”, Security Boulevard notes:
Nine percent of U.S. consumers over the age of 18 have been the victims of data breaches from booking and staying at hotels, according to the Morphisec Hospitality Guest Threat Index report. So how many people have been breached? The population of the United States over the age of 18 is estimated to be 254.7 million as of July 1, 2019. If 9% of all American adults have been breached, that equals roughly 22.9 million people using the U.S. Census estimates. This is solely from breaches related to hotel stays.
What About Airbnb, Though? Security Boulevard notes that: “They recently created the position of Chief Trust Officer and implemented mandatory multi-factor authentication to name a few of the actions the room-sharing company has taken. As a result of these steps, AirBnB is now more trusted among consumers in their 20s and 30s than traditional hotels. Conversely, older consumers tend to trust traditional hotels more than Airbnb.” Airbnb does take (cyber)security seriously:
It is hard to overstate the importance of technology. It is one of the key advantages that sets us apart. At Airbnb, we are not only a hospitality and travel community, but we’re also a technology company. Unlike hotels, we use predictive analytics, behavioral analysis, and machine learning to assess the risk of each and every host, guest, and listing on our platform. This real-time detection system instantly evaluates hundreds of risk signals to flag and then stop suspicious activity in the first place. While no system is infallible, we screen all hosts and guests globally against regulatory, terrorist, and sanctions watch lists. For United States residents, we also run checks looking for prior felony convictions, sex offender registrations, and significant misdemeanors. We are working with additional governments around the world to identify where we can do more background checks.
They are also making efforts to keep the work of those who travel for business purposes safe. As Nick Shapiro, Global Head of Trust and Risk Management at Airbnb says,
We know that traveling for work requires different things than traveling for leisure, so we’ve tailored our business travel offering to help make things as easy as possible for travel managers and their employees. Once a company has registered, our Airbnb for Work company dashboard gives travel managers easy visibility and added control to keep track of employees while they’re spread across the globe. The company dashboard map clearly displays where each person is currently traveling and will be traveling in the future. The map page also displays each employee’s direct contact information, as well as details on the specific Airbnb host and listing where they are staying, so you can get in touch quickly if need be. For the employees themselves, our work collection filter ensures that they only choose from top-rated listings as well as the many amenities business travelers expect.
Nevertheless, Airbnb does pose some cybersecurity threats, as we’ll see below.
Is Airbnb Safe? Cybersecurity Threats
Fake renting offers
As Naveen Goud from Cybersecurity Insiders says, there are lots of
scammers posing as homeowners renting their flats & villas and duping innocent people for thousands of pounds. And as per an estimate prepared by Daily Mail more than 100 people a week are being cheated out of thousands of pounds by fraudsters, leaving them with no holiday to show for it. As per sources, scammers are targeting genuine profiles of owners who let their properties on rent on popular websites every year. They then intercept email communication, impersonate as owners and start a correspondence with the probable clients. After they succeed in posing as an owner, they then ask the person who wants the property for lease to transfer money to them on a direct note and then vanish with their cash without a trace. Victims are generally lured by fake websites constructed with photos and descriptions stolen from genuine holiday websites.
Infected Wi-Fi
Airbnb is more affordable than a hotel, which means that not all the guests are serious individuals. Before connecting to an Airbnb Wi-Fi network, bear in mind that you never know who stayed there before and what activities they were unfolding. Any hacker can reset the host’s Wi-Fi router and enable a feature that would grant them access to the traffic – this technique is called APT (average paperclip threat). From here, there is only one step towards MitM (Man-in-the-Middle) attacks and various types of malware installed on the next guests’ devices – or to the installation of monitoring software or malware.
Other threats imposed by an infected Wi-Fi are:
– sidejacking – “the use of unauthorized identification credentials to hijack a valid Web session remotely in order to take over a specific Web server. Usually, sidejacking attacks are performed through accounts where the user types in their username and password. […] Sidejacking employs packet sniffing to steal a cookie and read network traffic. The data sent to the server or the Web pages viewed by the victim are captured, allowing the perpetrator to steal private information and impersonate the user for personal gain.”
– shoulder-surfing – “shoulder-surfing aims to obtain personal data such as personal identification numbers (PINs), passwords and other sensitive data by clandestinely observing a victim, typically over their shoulder, either to observe the keystrokes on a device or by eavesdropping when sensitive information is being relayed by the victim.” Shoulder-surfing can happen when:
- someone enters the PIN at the ATM or cash-point
- someone uses their credit or debit card to pay for an in-store transaction
- someone logs into a banking application with username and password
- someone accesses corporate systems from a public location
- someone offers sensitive information verbally, in person or via the phone
– packet-sniffing – “a type of software designed to monitor and record traffic on a network. […] it can […] be used for malicious purposes, to snoop in on your private data exchanges. This includes your web browsing history, your downloads, the people you send emails to etc.”
Is Airbnb Safe? Known Issues
In 2018, at the incoming of GDPR there was a phishing campaign targeting Airbnb users that commanded them to update their personal information so that they can continue to use Airbnb services. Of course, the link through which this should have been done was a malicious one. The hackers knew very well that people would be expecting this kind of emails and that they would have probably taken action. Another privacy and data loss issue arose this year, when Airbnb confronted a bug that allowed some users to see other users’ messages in their account inboxes. Booking confirmations, with addresses and other details, were also available.
Is Airbnb Safe? Security Strategies for Hosts
As they declare, Airbnb has a great “commitment to the safety and security of guests and hosts” that “includes a global team of safety and security experts and a full range of safety practices including reviews, insurance, a host guarantee, and 24/7 global response and assistance.” However, it’s always recommended to do your part too when it comes to the (cyber)security of your rented spaces:
a. Connect to your guests and get to know them
One way of avoiding issues is being friendly and learning as much as you can about your renters. You can even create an online application form for the people that are interested, asking them for pictures and personal details, cell phone number, a copy of their driving’s licence, credit card information and social media addresses.
b. Don’t let guests access your router
As we have seen above, your router can be compromised with a simple thing like a paper clip. For this reason, it is recommended to keep it in a locked cabinet or some other secure space. You can, of course, for transparency reasons, explain why you took this measure if your guests ask.
c. Create an encrypted guest Wi-Fi network
This measure will limit who can access the Internet connection, but it will also prevent unauthorized access. You can then change the network keys after every set of guests leave or you can have the guest network turn off at a specific time.
d. Communicate using only Airbnb
People trying to communicate with hosts using other methods than the company’s built-in message system could be phishing for information. In order to avoid this, keep in touch with possible guests only through Airbnb’s system.
Is Airbnb Safe? Security Strategies for Guests
Guests also have to take responsibility for the cybersecurity of their devices when they rent an Airbnb, especially if they are on a business trip and they handle company data. If a data breach occurs, the possible consequences include revenue loss, time loss, reputation damage, even legal actions, so it’s best to be safe than sorry.
a. Consider the Airbnb’s Wi-Fi public
The best thing you can do when it comes to an Airbnb’s Wi-Fi network is to consider it a public network from the beginning, just like one in a café or an airport. Stay safe by using a VPN to encrypt and protect all your connections. Most importantly: never run a financial transaction over an unknown network.
b. Be careful with messages that seem to come from Airbnb
All legitimate payments get done through the Airbnb website. Any request for your phone number or email address falls outside Airbnb’s rules and should be reported. Advance fee, overpayment and phishing are worth mentioning Airbnb scams.
c. Log out from everywhere
You may come across Airbnb’s hosts that offer smart TVs with Netflix or HBO Go installed. If you log into your account, make sure you log out from everywhere before you go.
d. Don’t hit the road without antivirus and firewall protection
A good firewall will significantly reduce the chances of malware or ransomware infection. For your company devices, we can recommend our Heimdal™ Next-Gen Antivirus & MDM, which offers unparalleled threat intelligence, EDR, forensics and firewall integration.
Is Airbnb Safe? Wrapping Up
As we have seen, Airbnb takes various measures for ensuring the protection of both its hosts and its guests. However, cybersecurity is pretty much always a shared responsibility and each user should do their part. However you choose to proceed as regarding the use of the Airbnb application, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!