New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises

A new attack dubbed AirSnitch enables full machine-in-the-middle (MitM) capabilities on Wi-Fi networks where client isolation is enabled, affecting both home routers and enterprise deployments.

The research was conducted by researchers from the University of California, Riverside, and KU Leuven's DistriNet group. The team presented their findings at the Network and Distributed System Security (NDSS) Symposium 2026 in San Diego.

Client isolation is a vendor-implemented feature that blocks direct communication between Wi-Fi clients connected to the same access point. It is commonly recommended to prevent attacks such as ARP spoofing and ICMP redirect abuse. However, the researchers note that client isolation is not standardized in IEEE 802.11, leading to inconsistent, ad hoc implementations across vendors.

To evaluate its real-world robustness, the team tested five recent home routers from major vendors, two open-source router distributions (DD-WRT and OpenWrt), and several enterprise-grade devices. According to the paper, every tested router and network was vulnerable to at least one of the newly developed attacks.

The researchers also validated their findings in two live university networks, where they successfully demonstrated downlink traffic interception against their own test devices without impacting other users.

Read more -here-