New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises

Submitted ⁨⁨22⁩ ⁨hours⁩ ago⁩ by ⁨gedaliyah@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/

Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service Set Identifiers). This cross-layer identity desynchronization is the key driver of AirSnitch attacks.

The most powerful such attack is a full, bidirectional machine-in-the-middle (MitM) attack, meaning the attacker can view and modify data before it makes its way to the intended recipient. The attacker can be on the same SSID, a separate one, or even a separate network segment tied to the same AP. It works against small Wi-Fi networks in both homes and offices and large networks in enterprises.

source

Comments

Sort:hotnew top

Shadow@lemmy.ca ⁨21⁩ ⁨hours⁩ ago
Actual paper here is more understandable than this article - ndss-symposium.org/…/airsnitch-demystifying-and-b…

source
paks@feddit.uk ⁨21⁩ ⁨hours⁩ ago
If I’m understanding correctly, this is saying that isolation between different clients on the same VLAN is broken? But this attack doesn’t break isolation between VLANs?

So the major issue is if you’ve got a guest network on the same VLAN as your main network

source
- tidderuuf@lemmy.world ⁨21⁩ ⁨hours⁩ ago
  Basically every single one of those Xfinity Wifi boxes that people got for free in their household thanks to Concast and their skeezy attempt to bolster their “mobile” network.
  
  source
  - Jolteon@lemmy.zip ⁨11⁩ ⁨hours⁩ ago
    What would the legality be of listening to people’s phone calls if they are connecting to your personal home network to make them?
    
    source
- Sanguine@lemmy.dbzer0.com ⁨18⁩ ⁨hours⁩ ago
  Correct me if I’m wrong, but the article does seem to indicate that isolation between VLANs is still secure assuming its set up correctly. A lot of folks set up VLANs but never complete the firewall rules afterwards.
  
  source
user28282912@piefed.social ⁨12⁩ ⁨hours⁩ ago
Just read the paper. ArsTechnica is such a terrible source for analysis on anything remotely technical.

source
- IratePirate@feddit.org ⁨10⁩ ⁨hours⁩ ago
  Agreed. Reading this, or trying to, I was switching back and forth between “this is missing information” and “why provide this additional explanation?” The target audience isn’t clear. Either go for the technical deep dive or provide a much higher-level explanation of what happened. Not this… mess in between.
  
  source
- hietsu@sopuli.xyz ⁨6⁩ ⁨hours⁩ ago
  Yeah but at least they are nice enough to announce that with the silent ”e” in their name Arse Technica.
  
  source
bjoern_tantau@swg-empire.de ⁨22⁩ ⁨hours⁩ ago
I wonder if this can also be exploited when people are on a guest wifi.

source