New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises

Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service Set Identifiers). This cross-layer identity desynchronization is the key driver of AirSnitch attacks.

The most powerful such attack is a full, bidirectional machine-in-the-middle (MitM) attack, meaning the attacker can view and modify data before it makes its way to the intended recipient. The attacker can be on the same SSID, a separate one, or even a separate network segment tied to the same AP. It works against small Wi-Fi networks in both homes and offices and large networks in enterprises.

https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/Open link View original on lemmy.world

194

Comments8

Shadow

lemmy.ca

Actual paper here is more understandable than this article - https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/

First, Wi-Fi keys that protect broadcast frames are improperly managed and can be abused to bypass client isolation. Second, isolation is often only enforced at the MAC or IP layer, but not both. Third, weak synchronization of a client's identity across the network stack allows one to bypass Wi-Fi client isolation at the network layer instead, enabling the interception of uplink and downlink traffic of other clients as well as internal backend devices.

paks

feddit.uk

If I'm understanding correctly, this is saying that isolation between different clients on the same VLAN is broken? But this attack doesn't break isolation between VLANs?

So the major issue is if you've got a guest network on the same VLAN as your main network

tidderuuf reply

lemmy.world

Basically every single one of those Xfinity Wifi boxes that people got for free in their household thanks to Concast and their skeezy attempt to bolster their "mobile" network.

Jolteon reply

lemmy.zip

Sanguine reply

lemmy.dbzer0.com

Correct me if I'm wrong, but the article does seem to indicate that isolation between VLANs is still secure assuming its set up correctly. A lot of folks set up VLANs but never complete the firewall rules afterwards.

user28282912

piefed.social

Just read the paper. ArsTechnica is such a terrible source for analysis on anything remotely technical.

IratePirate reply

feddit.org

Agreed. Reading this, or trying to, I was switching back and forth between "this is missing information" and "why provide this additional explanation?" The target audience isn't clear. Either go for the technical deep dive or provide a much higher-level explanation of what happened. Not this... mess in between.

hietsu reply

sopuli.xyz

Björn

swg-empire.de

I wonder if this can also be exploited when people are on a guest wifi.

Atelopus-zeteki reply

fedia.io

Read the article. The answer to your question, per the subtitle right after the title, is yes.

Research Paper Citation: https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/