Researchers have found that the extra wireless network you set up for visitors may not isolate devices the way router makers advertise, potentially allowing attackers on the same network to intercept traffic.
Wi-Fi security researchers have found new vulnerabilities that let attackers on the same network intercept and mess with traffic. These issues exist even when WPA2 or WPA3 encryption and client isolation are turned on.
The techniques, known as AirSnitch, were shared on February 25 at a security symposium in San Diego. Researchers from the University of California, Riverside, and KU Leuven presented their findings.
The research doesn't prove that Wi-Fi encryption has been cracked. However, it does show that a common protective feature called client isolation can be bypassed in many real-world setups.
AirSnitch doesn't mess with WPA2 or WPA3 cryptography, so your passwords stay safe. The core encryption for your wireless traffic is still rock solid.
The problem is that many routers and access points use client isolation to stop devices on the same Wi-Fi network from talking directly to each other. However, since client isolation isn't standardized in the IEEE 802.11 specification, different vendors implement it in their own ways.
Researchers discovered that many devices don't consistently enforce isolation across networking layers. Sometimes, shared broadcast keys and weak identity binding between hardware and IP layers let an attacker spoof a device's identity.
The spoofing can redirect traffic through the attacker's device, setting up a classic man-in-the-middle situation.
Which Wi-Fi routers and networks are affected by AirSnitch?
The researchers tested a mix of consumer routers, open-source firmware, and enterprise access points, and found that at least one AirSnitch technique worked against every setup examined. The following consumer models were specifically evaluated in the paper.
- Netgear Nighthawk X6 R8000
- Tenda RX2 Pro
- D-LINK DIR-3040
- TP-Link Archer AXE75
- Asus RT-AX57
These routers are not the only devices that are vulnerable to AirSnitch.
The researchers also tested DD-WRT and OpenWrt firmware distributions. The findings suggest broader architectural weaknesses rather than isolated flaws in specific products.
An attacker needs to be connected to the same wireless network, which could happen by joining an open guest network or entering a shared Wi-Fi password. Once they have legitimate access, they can proceed with the attack.
Public Wi-Fi hotspots, shared office networks, apartment buildings, and university campuses face higher risk because multiple untrusted users are often connected to the same infrastructure. When strangers share the same wireless network, the chances of someone abusing those access points go up.
Why the AirSnitch vulnerability matters for WPA2 and WPA3 Wi-Fi security
WPA2 and WPA3 encryption keep the connection between your device and the router secure. However, if the access point permits, devices on the same network can still interact with each other.
Netgear Nighthawk X6 R8000
AirSnitch reveals that attackers can exploit gaps in client isolation enforcement to redirect traffic once they're inside a network. While modern HTTPS and TLS encryption still protect the contents of most web sessions, attackers might be able to inject traffic or interfere with connections.
Attackers could also carry out attacks like DNS manipulation under certain conditions. The research effectively reopens a category of local network attacks that many administrators believed client isolation had largely eliminated.
How to protect yourself from AirSnitch and secure your Wi-Fi network
Make sure to use a virtual private network on all your devices, especially when you're on shared or public Wi-Fi, to keep your traffic encrypted. Also, keep your routers and access points updated with the latest firmware since vendors are releasing patches for these vulnerabilities.
Next, try to avoid connecting to unsecured wireless networks and don't reuse your Wi-Fi password in different places. If you have a home network, turn off guest SSIDs if you don't need them, or make sure they're separate from your main devices using VLANs or different hardware.
Enterprise environments should strictly enforce network segmentation and adopt zero-trust security models, treating every connected device as potentially untrusted.
No wireless network is completely free from design flaws. Layered security, with strong encryption, segmentation, endpoint protections, and encrypted web traffic, is the best defense against attacks like AirSnitch.
