AirSnitch – a MiTM attack for Wi-Fi
Most people who use a guest Wi-Fi network, such as the one in a hotel or the local coffee shop, assume that their device and communications are secure. For years that assumption has broadly held, because network administrators have relied on Client Isolation (a.k.a. AP Isolation) as the safeguard against other users on the same network snooping on their traffic.
By blocking clients on the network from communicating directly with one another, it is meant to prevent attacks such as ARP poisoning or unauthorised traffic interception: devices on the network can talk only to the default gateway (the router), not to each other.
However, a ground-breaking new research paper titled “AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks” reveals that this protection is not what many think it is.
Researchers from UC Riverside and KU Leuven conducted a comprehensive security analysis and found that every single router and network they tested was vulnerable to at least one isolation-bypassing attack. They presented their findings at the 2026 Network and Distributed System Security (NDSS) Symposium last week (23rd – 27th February).
The core problem that allows this attack to work is the lack of any standard for how manufacturers implement their isolation mechanisms.
Client isolation is not a standardised feature of the IEEE 802.11 standards (the standards that all Wi-Fi devices are supposed to be built to). Because there is no universal rulebook, vendors have implemented it in an ad-hoc, inconsistent manner across three different layers:
- Wi-Fi encryption
- Packet switching
- IP routing
This fragmented approach leaves massive security gaps.
The Attack Vectors: How AirSnitch Bypasses Isolation
The researchers identified three primary classes of attack that dismantle client isolation layer by layer:
- Abusing the GTK (Wi-Fi encryption layer): Modern Wi-Fi networks using WPA2 or WPA3 encrypt broadcast and multicast traffic with a single shared key, the Group Temporal Key (GTK).
Because this key is shared by every client on the same network, even when client isolation is turned on, an insider can abuse it by spoofing the Access Point's (AP) MAC address as the transmitter of a group-addressed frame.
The attacker takes a unicast IP packet, wraps it in a broadcast frame, encrypts it with the shared GTK, and sends it directly to the victim.
Because this happens over the air, the frame never passes through the AP, so the AP's software-level isolation rules cannot stop it.
Even the Passpoint standard (a.k.a. Hotspot 2.0) is vulnerable to GTK abuse, due to design flaws in how IEEE 802.11u systems handle group key handshakes.
- Gateway Bouncing (routing layer): Many vendors correctly enforce client isolation at Layer 2 (the MAC layer) but do not enforce it at Layer 3 (the IP layer).
In Gateway Bouncing the attacker crafts a packet whose destination IP address is that of the isolated victim, but whose destination MAC address is the gateway's.
The AP accepts the frame, since it is addressed to the gateway, and forwards it; the gateway looks only at the victim's IP address and routes the packet straight back to the victim.
The attacker can thus inject traffic directly into an isolated machine.
- Port Stealing (switching layer): Inside a modern AP, the different network names (such as “Guest” and “Staff”) behave like virtual ports on an internal switch.
The researchers found that by spoofing a victim's MAC address and connecting to the same AP on a different virtual port (SSID), an attacker can make the AP's internal switch update its forwarding table so that the victim's MAC now points at the attacker.
Because APs tie the pairwise encryption key (PTK) to the latest MAC-to-port binding, the AP then takes traffic meant for the victim, encrypts it with the attacker's PTK, and delivers it to the attacker.
This lets an attacker silently intercept the victim's downlink traffic. It is the most damaging of the attacks the researchers found: the intercepted traffic arrives encrypted under a key the attacker holds, so the attacker can decrypt and read all of it.
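To make the GTK-abuse frame concrete, here is an added example in Python (not code from the paper or its authors). It constructs the frame shape described above, a unicast IP packet inside a broadcast-addressed frame that is protected with the group key and claims the AP as its transmitter, and then the receive-side check a client or wireless IDS could apply after decryption: a group-keyed, group-addressed frame whose inner IP destination is unicast. All addresses, the key index and the `build_*`/`parse_rx` helpers are assumptions for the example, and the AES-CCM encryption step itself is deliberately not modelled.

```python
"""Added example; not code from the AirSnitch paper or its authors. It builds the
shape of frame an insider injects under the shared GTK and a receive-side check
that flags it. Every MAC and IP address here is constructed for the example."""
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

AP_MAC = "02:11:22:33:44:55"        # constructed BSSID of the hotspot AP
VICTIM_MAC = "02:aa:bb:cc:dd:ee"    # constructed isolated victim
VICTIM_IP, ATTACKER_IP = "10.0.0.23", "10.0.0.77"
BROADCAST = "ff:ff:ff:ff:ff:ff"
CLIENT_NET = IPv4Network("10.0.0.0/24")
LLC_SNAP_IPV4 = b"\xaa\xaa\x03\x00\x00\x00\x08\x00"
GROUP_KEY_IDS = (1, 2)              # 802.11 CCMP: key ID 0 is the PTK, 1 and 2 are the GTK


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_checksum(header: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 17) -> bytes:
    """Minimal IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def build_dot11_data(addr1: str, addr2: str, addr3: str, key_id: Optional[int], body: bytes) -> bytes:
    """FromDS data frame: addr1 = receiver, addr2 = BSSID/transmitter, addr3 = source.
    key_id is None for an unprotected frame, else the CCMP key index of the key used."""
    flags = 0x02 | (0x40 if key_id is not None else 0)          # FromDS, Protected
    frame = (bytes([0x08, flags]) + b"\x00\x00" + mac_bytes(addr1) + mac_bytes(addr2)
             + mac_bytes(addr3) + b"\x00\x00")
    if key_id is not None:
        # CCMP header: PN0, PN1, reserved, KeyID byte (ExtIV set), PN2..PN5. The actual
        # AES-CCM encryption of `body` under that key is deliberately not modelled here.
        frame += b"\x01\x00\x00" + bytes([0x20 | (key_id << 6)]) + b"\x00\x00\x00\x00"
    return frame + body


def build_gtk_injection_frame(payload: bytes) -> bytes:
    """The GTK-abuse shape: a unicast IP packet for the victim inside a broadcast-addressed
    frame that claims the AP as transmitter, protected with group key ID 1, which every
    associated client holds. It goes straight over the air, so the AP never sees it."""
    packet = build_ipv4(ATTACKER_IP, VICTIM_IP, payload)
    return build_dot11_data(BROADCAST, AP_MAC, AP_MAC, 1, LLC_SNAP_IPV4 + packet)


@dataclass
class RxFrame:
    addr1: str
    addr2: str
    key_id: Optional[int]
    ip_dst: Optional[str]


def parse_rx(frame: bytes) -> RxFrame:
    """What the receiving client sees after decryption: the receiver and transmitter
    addresses, which key index protected the frame, and the IP destination inside it."""
    addr1, addr2 = mac_str(frame[4:10]), mac_str(frame[10:16])
    off, key_id = 24, None
    if frame[1] & 0x40:
        key_id, off = frame[27] >> 6, 32
    ip_dst = None
    if frame[off:off + 8] == LLC_SNAP_IPV4:
        ip_dst = str(IPv4Address(frame[off + 24:off + 28]))
    return RxFrame(addr1, addr2, key_id, ip_dst)


def is_group_address(mac: str) -> bool:
    return bool(mac_bytes(mac)[0] & 0x01)


def is_gtk_unicast_injection(rx: RxFrame, net: IPv4Network = CLIENT_NET) -> bool:
    """Receiver-side heuristic: a frame protected by the group key and sent to a group
    address should only carry broadcast or multicast IP. A unicast IP destination in
    such a frame is the injection signature."""
    if rx.key_id not in GROUP_KEY_IDS or not is_group_address(rx.addr1) or rx.ip_dst is None:
        return False
    dst = IPv4Address(rx.ip_dst)
    return not (dst.is_multicast or dst == net.broadcast_address
                or dst == IPv4Address("255.255.255.255"))


if __name__ == "__main__":
    rx = parse_rx(build_gtk_injection_frame(b"spoofed DNS reply"))
    print(rx, "-> injection" if is_gtk_unicast_injection(rx) else "-> fine")
```

The check is deliberately placed on the receiver: the AP's isolation logic never runs for this frame, so only the victim (or a monitor that shares the GTK) is in a position to notice that a "broadcast" frame from the AP is carrying a packet addressed to one host.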
By chaining these techniques together, using Port Stealing to intercept the victim's downlink traffic and Gateway Bouncing or GTK abuse to inject traffic towards the victim, an attacker can achieve a full bi-directional Machine-in-the-Middle (MitM) position.
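The two AP-side attacks are easier to see in a small model of the forwarding path. The following Python is an added example, not code from the paper or from any vendor's firmware: a toy access point that enforces isolation only at Layer 2, run against Gateway Bouncing and Port Stealing, and then run again with the spoofing-prevention checks from the researchers' mitigations (no MAC on two BSSes at once, source-IP ownership, and no client-subnet hairpin at the gateway). The `AccessPoint` and `Station` classes and every address are constructed for the example.

```python
"""Added example, not code from the AirSnitch paper or any vendor: a toy model of
an access point that enforces client isolation only at layer 2, used to show why
Gateway Bouncing and Port Stealing get through and how the spoofing-prevention
checks from the mitigation list stop them. Every address and name is constructed."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Tuple

GATEWAY_MAC = "02:00:00:00:00:01"
GATEWAY_IP = "10.0.0.1"
CLIENT_NET = IPv4Network("10.0.0.0/24")
UPSTREAM_IP = "198.51.100.9"             # documentation-range address standing in for the internet
VICTIM_MAC, VICTIM_IP = "02:aa:bb:cc:dd:ee", "10.0.0.23"
ATTACKER_MAC, ATTACKER_IP = "02:de:ad:be:ef:01", "10.0.0.77"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    payload: str


@dataclass
class Station:
    mac: str
    ip: str
    bss: str                      # SSID/BSS the station associated on ("guest", "staff")
    ptk: str                      # label for the pairwise key negotiated at association
    inbox: List[str] = field(default_factory=list)


class AccessPoint:
    """isolate=True is the usual Layer-2-only client isolation. strict=True adds the
    checks the paper's mitigations call for: a MAC may not move to another BSS,
    a sender's source IP must be its own, and the gateway never hairpins client traffic."""

    def __init__(self, isolate: bool = True, strict: bool = False) -> None:
        self.isolate, self.strict = isolate, strict
        self.fdb: Dict[str, Station] = {}     # internal switch: MAC -> station; latest binding wins
        self.arp: Dict[str, str] = {}         # gateway's IP -> MAC table

    def associate(self, sta: Station) -> bool:
        bound = self.fdb.get(sta.mac)
        if self.strict and bound is not None and bound.bss != sta.bss:
            return False                      # same MAC appearing on another BSS: refuse
        self.fdb[sta.mac] = sta               # (re)bind MAC -> port and PTK
        self.arp.setdefault(sta.ip, sta.mac)  # gateway keeps the first claimant of the IP
        return True

    def uplink(self, sender: Station, f: Frame) -> str:
        if self.isolate and f.dst_mac != GATEWAY_MAC:
            return "dropped: L2 isolation"
        if self.strict and self.arp.get(f.src_ip) != sender.mac:
            return "dropped: source IP does not belong to sender"
        return self.route(f)

    def route(self, f: Frame) -> str:
        """The gateway's IP forwarding decision."""
        if IPv4Address(f.dst_ip) not in CLIENT_NET or f.dst_ip == GATEWAY_IP:
            return "forwarded upstream"
        if self.strict and IPv4Address(f.src_ip) in CLIENT_NET:
            return "dropped: L3 isolation"   # client -> gateway -> client hairpin refused
        mac = self.arp.get(f.dst_ip)
        if mac is None:
            return "dropped: no ARP entry"
        return self.downlink(Frame(GATEWAY_MAC, mac, f.src_ip, f.dst_ip, f.payload))

    def downlink(self, f: Frame) -> str:
        sta = self.fdb.get(f.dst_mac)         # whoever currently owns the MAC gets the frame
        if sta is None:
            return "dropped: unknown destination MAC"
        sta.inbox.append(f.payload)
        return f"delivered on {sta.bss} under {sta.ptk}"

    def from_upstream(self, dst_ip: str, payload: str) -> str:
        return self.route(Frame("upstream", GATEWAY_MAC, UPSTREAM_IP, dst_ip, payload))


def gateway_bouncing(strict: bool) -> Tuple[str, str]:
    """Returns (result of a direct client-to-client frame, result of bouncing via the gateway MAC)."""
    ap = AccessPoint(strict=strict)
    victim = Station(VICTIM_MAC, VICTIM_IP, "guest", "PTK-victim")
    attacker = Station(ATTACKER_MAC, ATTACKER_IP, "guest", "PTK-attacker")
    ap.associate(victim)
    ap.associate(attacker)
    direct = ap.uplink(attacker, Frame(ATTACKER_MAC, VICTIM_MAC, ATTACKER_IP, VICTIM_IP, "direct"))
    bounced = ap.uplink(attacker, Frame(ATTACKER_MAC, GATEWAY_MAC, ATTACKER_IP, VICTIM_IP, "bounced"))
    return direct, bounced


def port_stealing(strict: bool) -> Tuple[bool, str, List[str], List[str]]:
    """Returns (impostor accepted?, delivery result, victim inbox, attacker inbox)."""
    ap = AccessPoint(strict=strict)
    victim = Station(VICTIM_MAC, VICTIM_IP, "guest", "PTK-victim")
    ap.associate(victim)
    impostor = Station(VICTIM_MAC, ATTACKER_IP, "staff", "PTK-attacker")   # victim's MAC, other BSS
    accepted = ap.associate(impostor)
    result = ap.from_upstream(VICTIM_IP, "downlink reply for the victim")
    return accepted, result, victim.inbox, impostor.inbox


if __name__ == "__main__":
    for strict in (False, True):
        print("strict" if strict else "L2-only", gateway_bouncing(strict), port_stealing(strict))
```

Note what each check buys: the L3 rule at the gateway is what closes Gateway Bouncing, and refusing to re-bind a MAC that is already associated on another BSS is what closes Port Stealing. Neither helps against GTK abuse, whose frames never reach the AP at all.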
The researchers successfully executed these attacks against a wide range of currently available home and corporate Wi-Fi systems:
- Popular home routers from Netgear, TP-Link, ASUS, and D-Link.
- Enterprise-grade hardware from Ubiquiti and Cisco.
- Open-source firmware like DD-WRT and OpenWrt.
- Real-world university networks utilizing WPA2-Enterprise (proving that even Enterprise setups with unique per-client credentials are vulnerable).
Once an attacker secures a MitM position via these methods, they can launch other attacks including performing traffic analysis, stealing cookies over unencrypted connections, poisoning DNS caches, and even intercepting internal RADIUS authentication packets to brute-force enterprise passwords.
The researchers suggest that because WPA2, WPA3 and even WPA2/3-Enterprise networks are all fundamentally flawed in their isolation mechanics, mitigating AirSnitch requires a defence-in-depth approach:
- Implement VLANs: To improve isolation, untrusted BSSIDs (like Guest networks) should be placed in entirely separate VLANs. Better yet, assigning each user to a unique VLAN would securely separate their traffic, though this is difficult to manage on consumer hardware.
- Enforce Spoofing Prevention: Applying IP spoofing protections and strictly preventing clients from using MAC addresses that appear on multiple BSSIDs concurrently can stop Gateway Bouncing and Port Stealing.
- Randomize Group Keys: APs should utilize per-client randomized GTKs (as Passpoint attempts to do) to prevent broadcast key abuse.
- Layer 2 Encryption: Adopting standards like MACsec (IEEE 802.1AE) for device-to-device encryption can effectively thwart these exploits by protecting the link layer itself.
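As an added example of the VLAN and spoofing-prevention points (not configuration from the paper or any vendor), here is a hostapd.conf fragment that keeps the guest and staff BSSes on separate bridges, so each can live in its own VLAN, instead of relying on `ap_isolate` alone. The interface, bridge and SSID names, the placeholder passphrase and the RADIUS server values are assumptions.

```ini
# Added example hostapd.conf fragment; interface, bridge and SSID names, the
# passphrase and the RADIUS values are placeholders.
# The weak setting: ap_isolate=1 on its own is exactly the layer-2-only
# isolation the paper bypasses. Keep it, but do not stop there.

interface=wlan0
driver=nl80211

# Guest BSS: untrusted, so it gets its own bridge (and hence its own VLAN/subnet).
ssid=Guest
bridge=br-guest
ap_isolate=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=ReplaceWithGuestPassphrase

# Staff BSS on the same radio, but on a different bridge so the two BSSes never
# share a layer-2 segment; Port Stealing across SSIDs relies on them being ports
# of the same internal switch.
bss=wlan0-1
ssid=Staff
bridge=br-staff
ap_isolate=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=ReplaceWithRadiusSecret
# Per-user VLANs, as the researchers suggest: let RADIUS assign a VLAN to each
# authenticated user (Tunnel-Private-Group-ID) rather than one VLAN per BSS.
dynamic_vlan=1
vlan_file=/etc/hostapd/hostapd.vlan
```

The bridge separation only pays off if the router upstream of br-guest and br-staff does not forward between them and does not hairpin guest-subnet traffic back into the guest subnet; that is the Layer-3 gap Gateway Bouncing relies on, and the rule for it lives in the gateway's firewall, not in hostapd. None of this addresses GTK abuse, which is why the per-client group key and MACsec points remain on the list.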
Ultimately, until the industry defines what “client isolation” actually means, we have to assume that sharing a Wi-Fi network – even an isolated, enterprise-encrypted one – potentially means sharing your traffic with whoever else is in the vicinity.