AirBnBeware: Short Term Rentals Long Term Pwnage

Black Hat USA 2016

Presented by: Jeremy Galloway
Date: Thursday August 04, 2016
Time: 12:10 - 13:00
Location: South Seas IJ

What's scarier, letting HD Moore rent your house and use your home network for day or being the very next renter that uses that network? With the colossal growth of the vacation rental market over the last five years (AirBnb, HomeAway), travellers are now more vulnerable than ever to network based attacks targeted at stealing personal information or outright pwnage. In 2006, the security industry desperately warned of the dangers of using public Wi-Fi at coffee shops. In 2010, we reshaped the conversation around the frightful security of Internet provided at hotels. And now, in 2016, we will start a new battle cry against the abysmal state of network security enabled by short term rentals. Both renters and property owners have a serious stake in this game. Whether you're renting a room in a foreign city to attend a conference or you're profiting off of your own empty domicile, serious risks abound: MitM traffic hi-jacking, accessing illegal content, device exploitation, and more. Common attacks and their corresponding defenses (conventional or otherwise) will be discussed, with a strong emphasis on practicality and simplicity. This talk will contain demos of attacks, introduce atypical hardware for defense, and encourage audience participation.

Jeremy Galloway

Jeremy Galloway has been active in the security scene since 2002, focusing ondark corners of the internet, network security, hacktivism, penetrationtesting, intelligence gathering, privacy technologies, and hackeranthropology. When he's not making artisanal hacks or dreaming in 7-bit ASCII,his time is spent cycling, hiking, meditating, making street art, and studyingvarious branches of science, philosophy, and psychology. Although he aims toprotect the internet at large, his dream is to become Beyoncé's personalcyber-bodyguard. Jeremy is a proud member of both the Electronic FrontierFoundation and The Satanic Temple.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats