A newly discovered vulnerability, dubbed AirSnitch, compromises Wi-Fi security by breaking client isolation, potentially enabling widespread man-in-the-middle attacks, researchers at UC Riverside announced Wednesday.
The flaw isn’t rooted in weaknesses in Wi-Fi’s encryption protocols themselves, but rather in how those protocols are implemented at the lowest levels of the network stack, according to Xin’an Zhou, the lead author of the research and now a researcher at Palo Alto Networks. “AirSnitch breaks worldwide Wi-Fi encryption and it might have the potential to enable advanced cyberattacks,” Zhou said at the 2026 Network and Distributed System Security Symposium in San Diego. He warned that advanced attacks leveraging the vulnerability could lead to cookie stealing and DNS cache poisoning, even when using HTTPS.
Previous attacks, such as those targeting WEP and WPA, focused on cracking the encryption used to secure Wi-Fi traffic. AirSnitch, although, exploits a fundamental failure to properly isolate devices connected to the same wireless network. This isolation is a core security feature intended to prevent direct communication between connected clients, a promise researchers say is now broken.
The vulnerability stems from a desynchronization of a client’s identity across different layers of the networking stack – specifically Layers 1 and 2. Layer 1 encompasses the physical components of the network, while Layer 2 handles data transmission between devices on the same network. The research demonstrates that attackers can exploit this identity gap to intercept and manipulate data, regardless of whether they are on the same Wi-Fi network (SSID) or a separate one. The attack works across both small home and office networks and larger enterprise deployments.
According to the researchers, the most significant threat posed by AirSnitch is a full, bidirectional man-in-the-middle (MitM) attack. This allows an attacker to not only view data transmitted between devices but also to alter it before it reaches its destination. The researchers shared their findings with vendors prior to publication, but acknowledge that addressing the vulnerabilities will require more than simple software patches, potentially necessitating hardware redesigns.
“The biggest concern is for enterprise environments,” Zhou stated. “Enterprise systems usually protect their networks using the most advanced encryption. So that means enterprises are seemingly relying on a fake sense of security.”
The researchers have proposed mitigation strategies, including stronger separation of encryption keys and improved synchronization of device identities. The findings were detailed in the paper, “AirSnitch: demystifying and breaking client isolation in Wi-Fi networks,” presented at the NDSS Symposium.
