Researchers have demonstrated a new technique called AirSnitch that bypasses the “client isolation” security feature found in many Wi-Fi routers.
What is AirSnitch?
Client isolation is designed to prevent devices on the same network from communicating with one another, a crucial security layer in public and office Wi-Fi. However, AirSnitch nullifies this protection, allowing an attacker to execute a bidirectional man-in-the-middle (MitM) attack.
The Security Risk
By bypassing isolation, an attacker can intercept and modify data packets sent between a victim’s device and the internet. This exploit enables the theft of:
- Session cookies
- Login passwords
- Credit card information
Vulnerable Devices
Testing has confirmed that at least 11 router models from major manufacturers are susceptible to this flaw, including devices from:
- TP-Link
- ASUS
- D-Link
Users are advised to check for firmware updates from their manufacturers to mitigate the risk of unauthorized traffic interception.
