I recently rented an Airbnb in Prague, but I got really worried when I logged in to the Wifi. 


The Arrival

We got into the apartment and I did what every normal human being does first: log into the wifi. They had the code neatly written on a piece of paper.

Being a security specialist I’m always interested in ways to get around the security of something. So I started with a quick network scan.

The router had the IP of 10.0.0.138, that’s the first place I wanted to look into. So I inserted the IP in my browser for further inspection.


Reconnaissance

I get to the web interface of the router. Shit. Password protected. Let’s try the username¬†admin with password¬†admin

Bingo! We’re in! That was easy.

I changed the language to from Czech to English and we were good to go.


Exploitation

Let’s say our goal would be to sniff all traffic that’s going through to the outside. We could just simply route all traffic to our remote server and make that server act as a gateway to the internet.

Packets (including passwords) would then be sniffed by the server and neither the owner or future guests would know.


Alternative exploits

There are numerous other exploits I’m thinking of, some less stealthy, some used by the owner, some by a possible guest.

 

1. Hardware UTP MITM attack

The owner could set up a sniffer device between the router and the outside world to sniff all traffic and steal all kinds of information. This would require the router to be hidden somewhere in the house.

 

2. Hardware ARP poisoning

A guest could set up a sniffing device in some unused hidden outlet around the house to sniff passwords by routing them through the device via ARP poisoning.

 

3. Wifi (Web Interface) Lockout

The guest could change the admin password of the router’s web interface or the wifi itself to lock new guests out. The owner could easily press the reset button on the device if needed.

 

4. Reset button exploit

The guest could reset the router to gain access to the web interface using the default passwords. Then set the SSID and password back to the originals but route traffic to a malicious server.


Protection

As a Guest

Do a Traceroute before you enter any confidential information. See where the traffic is going and act accordingly.

 

As an Owner

Hide your router physically somewhere where your guests cannot access it. Since most portable devices have wireless adapters, you don’t need any physical internet ports in your Airbnb

Sharing is caring!