nongmai,

My money's on you being lazy and not setting up encryption on your WiFi.

Turn on WPA2-PSK AES (with a proper, difficult password), turn on Client (or AP) Isolation if available (might be hidden away in some advanced settings screen somewhere), and then see if he can still sniff your data.