New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises

When headlines started circulating about a new attack called AirSnitch that “breaks Wi-Fi encryption,” my first reaction was: are we really turning the clock back on Wi-Fi security by 15 years?

If you’ve listened to me for any amount of time, you know I’ve been on a bit of a soapbox about public Wi-Fi.

I’m famously pro-public Wi-Fi and anti-VPN panic. The whole “never use public Wi-Fi, hackers are waiting to steal your banking password” advice has been outdated for years. HTTPS is everywhere now. Wi-Fi encryption is strong enough that the classic coffee-shop hacker narrative mostly died off a long time ago.

I’ve logged into extremely sensitive accounts—banking, finance systems, you name it—from hotel networks, airport Wi-Fi, airplanes. It’s fine.

The real risk today on public Wi-Fi usually isn’t network attacks. It’s social engineering, especially through captive portals where people get tricked into entering credentials.

So when I saw the AirSnitch headlines, I wanted to understand whether this was actually a big deal or just another scary Wi-Fi headline.

What AirSnitch Actually Breaks

The key point is that AirSnitch doesn’t break Wi-Fi encryption. Instead, it bypasses something called client isolation.

Client isolation is a feature built into routers and access points that prevents devices connected to the same network from directly communicating with each other. It’s what allows things like guest Wi-Fi networks to exist safely alongside internal ones.

The assumption has been that even if someone joins the guest network, they shouldn’t be able to interact with devices on the trusted network. AirSnitch challenges that assumption.

The researchers found a way to manipulate behavior at the lowest layers of the networking stack, basically Layer 1 and Layer 2, to desynchronize how devices are identified across the Wi-Fi system.

That allows an attacker already connected to a network to impersonate another device and intercept traffic meant for that device. You’re not breaking encryption, but you’re bypassing the isolation mechanisms meant to protect users from each other.

The Old Tricks That Never Fully Died

If this sounds familiar, that’s because it kind of is. A lot of the techniques involved, MAC spoofing, port stealing, ARP-style attacks, are things people used to talk about all the time in the early days of Wi-Fi security.

Back then, attackers could perform man-in-the-middle attacks on wireless networks and read other users’ traffic.

Encryption improvements like WPA2 and WPA3 helped close many of those gaps. Client isolation features were supposed to finish the job by stopping devices from interacting directly.

AirSnitch doesn’t break WPA3. But it shows that if you manipulate the lower layers of the network stack, you may still be able to intercept traffic despite those protections.

The researchers demonstrated attacks including potential DNS spoofing and cookie theft, although some of those scenarios are more theoretical than proven in the wild so far.

Which is why I’m not immediately ready to say this completely changes how we think about Wi-Fi.

Does This Mean Public Wi-Fi Is Dangerous Again?

Not necessarily. Even in a successful AirSnitch scenario, most sensitive traffic today is protected by HTTPS encryption.

That dramatically limits what attackers could actually read or modify.

What this attack mostly highlights is a gap in assumptions about network isolation.

Router manufacturers have long marketed features that promise devices on the same Wi-Fi network can’t communicate directly. AirSnitch suggests those promises may not always hold.

That matters most in environments where different trust zones share the same access point, like enterprise networks with guest Wi-Fi or mixed internal devices.

My Current Take

For most people, the practical advice doesn’t change much:

  • HTTPS still protects your traffic

  • Captive portal phishing remains the biggest public Wi-Fi risk

  • Attackers still need network access to attempt this

But for network architects and router vendors, this research raises an uncomfortable question: If client isolation can be bypassed at the lowest layers of the network stack, how much of modern Wi-Fi security relies on assumptions that might not actually hold?
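
A defensive check for the MAC spoofing and port stealing techniques named above, as an added example that is not from the original post or the AirSnitch researchers: it flags a client MAC that bounces back and forth between ports or BSSIDs within a few seconds, which ordinary roaming rarely does. The event format, the window and move thresholds, and every sample value are assumptions constructed for illustration, and this is a generic heuristic rather than a detector for AirSnitch specifically.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds, client MAC, port or BSSID where the MAC was learned).
# The format is an assumption; adapt the parsing to your controller or switch logs.
SAMPLE_EVENTS = [
    (0.0,  "aa:bb:cc:00:00:01", "ap1/guest"),
    (0.5,  "aa:bb:cc:00:00:02", "ap1/corp"),
    (1.0,  "aa:bb:cc:00:00:02", "ap1/guest"),   # same MAC learned on another segment
    (1.4,  "aa:bb:cc:00:00:02", "ap1/corp"),
    (2.1,  "aa:bb:cc:00:00:02", "ap1/guest"),
    (30.0, "aa:bb:cc:00:00:03", "ap1/corp"),
    (95.0, "aa:bb:cc:00:00:03", "ap2/corp"),    # single move: ordinary roaming
]

def find_mac_flaps(events, window=5.0, min_moves=3):
    """Return {mac: [(time, old_location, new_location), ...]} for MACs that
    changed location at least `min_moves` times within `window` seconds and
    went straight back to a location they had just left (A -> B -> A)."""
    last_seen = {}               # mac -> most recent location
    moves = defaultdict(deque)   # mac -> recent moves still inside the window
    flagged = {}
    for ts, mac, loc in sorted(events):
        mac = mac.lower()
        prev = last_seen.get(mac)
        last_seen[mac] = loc
        if prev is None or prev == loc:
            continue             # first sighting, or no change of location
        recent = moves[mac]
        recent.append((ts, prev, loc))
        while recent and ts - recent[0][0] > window:
            recent.popleft()     # drop moves older than the window
        pairs = zip(recent, list(recent)[1:])
        bounced = any(a[1] == b[2] and a[2] == b[1] for a, b in pairs)
        if len(recent) >= min_moves and bounced:
            flagged[mac] = list(recent)
    return flagged

if __name__ == "__main__":
    for mac, hops in find_mac_flaps(SAMPLE_EVENTS).items():
        print(mac, "moved", len(hops), "times:", hops)
```
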