AirSnitch Attack Breaks Wi-Fi Encryption Everywhere

Summary
– Wi-Fi is ubiquitous, with billions of devices shipped and an estimated 6 billion users worldwide.
– The protocol has a history of security vulnerabilities due to its design and reliance on open radio signals.
– Early public Wi-Fi was insecure, leading to the development of cryptographic protections for user traffic.
– New research reveals a fundamental flaw that breaks client isolation, a key encryption-based security promise of routers.
– This flaw enables “AirSnitch” attacks that work across many major router brands and firmware types.
Wi-Fi has become an indispensable part of modern life, connecting billions of devices and users globally. This widespread reliance means an immense volume of sensitive personal and financial data travels over the airwaves every second. The protocol’s history, however, is marked by significant security challenges. These stem from its foundational design, which inherited certain vulnerabilities from earlier networking technologies like Ethernet, and the inherent nature of wireless signals that can be intercepted by anyone within range.
In the beginning, public Wi-Fi networks were often unsecured frontiers. Attacks like ARP spoofing were common, allowing malicious users on the same network to easily read and even alter the data of others. The industry’s response was to implement robust cryptographic protections. These encryption standards were designed to ensure that no one, whether an unauthorized outsider or another user on the authorized network, could snoop on or tamper with private communications between a device and the access point.
Recent findings reveal a fundamental flaw that undermines a core security promise made by all router manufacturers: client isolation. This feature, enabled by encryption, is supposed to prevent any direct communication between two devices connected to the same Wi-Fi network. It’s a critical defense that stops one infected laptop from probing another on a coffee shop hotspot, for instance.
New research demonstrates that behaviors occurring at the deepest levels of the network stack render this isolation ineffective. The issue affects encryption in general, not just previously broken versions. This weakness enables a novel attack that researchers have named AirSnitch. By exploiting these low-level network behaviors, an attacker can effectively bypass client isolation protections.
The AirSnitch attack comes in several forms, and its impact is broad. Testing has confirmed its effectiveness against a wide array of popular router brands and firmware, including models from Netgear, D-Link, Ubiquiti, and Cisco, as well as devices running open-source platforms like DD-WRT and OpenWrt. This widespread vulnerability means the potential for compromise exists in countless home, business, and public networks, putting user privacy at risk where it was previously assumed to be secured by encryption.
(Source: Ars Technica)
