AirBnBeware: short-term rentals, long-term pwnage

SecTor 2016

Presented by: Jeremy Galloway
Date: Wednesday October 19, 2016
Time: 13:25 - 14:25
Location: 701A
Track: Tech

What’s scarier: letting HD Moore rent your house and use your home network for a day, or being the very next renter that uses that network? With the colossal growth of the vacation rental market over the last five years (Airbnb, HomeAway), travellers are now more vulnerable than ever to network-based attacks targeted at stealing personal information or outright pwnage. In 2006, the security industry desperately warned of the dangers of using public Wi-Fi at coffee shops. In 2010, we reshaped the conversation around the frightful security of Internet provided at hotels. And now, in 2016, we will start a new battle cry against the abysmal state of network security enabled by short-term rentals. Both renters and property owners have a serious stake in this game. Whether you’re renting a room in a foreign city to attend a conference or you’re profiting off of your own empty domicile, serious risks abound: MitM traffic hijacking, accessing illegal content, device exploitation, and more. Common attacks and their corresponding defenses (conventional or otherwise) will be discussed, with a strong emphasis on practicality and simplicity. This talk will contain demos of attacks, introduce atypical hardware for defense, and encourage audience participation.

Jeremy Galloway

I’ve been serious about hacking and security since 2002. Since discovering my first issue of Phrack (0x0b, 0x3b) I knew that security was for me. Before long, I was consuming text files from former hacker generations at a feverish and insatiable rate. I began driving 2+ hours to the Houston 2600 meeting every month, and a new world was revealed. I’ve worked in IT for over 12 years, doing everything you can imagine – crawling in ceilings to run Ethernet, automation scripting with Python and Bash, virtualizing datacenters, analyzing malware, scouring pcaps, sysadmining, gathering threat intelligence & OSINT, compliance, disaster recovery, incident response, penetration testing, CNA/CNO, and broad scale offense/defense. My clients, customers, and employers are from the financial sector, higher education, healthcare/medical, law firms, high-tech, and span from startups to SMBs to Fortune 5s. Regardless of what I’m working on, security is always the focal point. It is a mindset.
