- UC Riverside Researchers Find Wi-Fi Client Isolation Is ‘Fundamentally Broken’
- New AirSnitch attacks enable traffic injection, MitM and eavesdropping on wired devices
- All tested routers vulnerable; experts call for network segmentation and strong end-to-end encryption
Wi-Fi Client Isolation, a security feature that prevents devices on the same network from talking directly to each other, is “fundamentally broken” and can be abused in numerous ways, experts have claimed.
A team of researchers from the University of California, Riverside, released a new research report that analyzes how client isolation works across three layers: Wi-Fi encryption, internal packet switching inside access points, and IP routing through the gateway.
Through their research, they discovered several new attack techniques that allow a malicious user connected to the same Wi-Fi network to inject traffic to other clients, intercept victim traffic, become a full machine-in-the-middle (MitM), and even intercept traffic from internal wired devices.
Widespread problem
The techniques include abusing the shared Wi-Fi group key, gateway bounce (essentially a Layer-3 routing trick), port theft (MAC spoofing attack), broadcast reflection (without the need for GTK), a full MitM combination attack that works by combining port theft and gateway bouncing of internally wired device, and eavesdropping on the device’s MAC address.
These problems appear to be widespread, as every router and network they tested was vulnerable to at least one of these techniques. What’s more, this doesn’t just seem to affect home environments – enterprise setups, including real university networks, are just as at risk.
AirSnitch, as the researchers called the vulnerability, “breaks worldwide Wi-Fi encryption, and it may have the potential to enable advanced cyber attacks,” said Xin’an Zhou, the lead author of the research. Ars Technica.
“Advanced attacks can build on our primitives to [perform] cookie theft, DNS and cache poisoning. Our research physically taps the wire entirely so these sophisticated attacks will work. It is truly a threat to worldwide network security.”
The researchers suggest that client isolation may not be the most reliable security boundary. Instead, users should focus on using proper network segmentation, avoiding credential sharing, improving group key management, and strong end-to-end encryption everywhere.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
