Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service Set Identifiers). This cross-layer identity desynchronization is the key driver of AirSnitch attacks.
The most powerful such attack is a full, bidirectional machine-in-the-middle (MitM) attack, meaning the attacker can view and modify data before it makes its way to the intended recipient. The attacker can be on the same SSID, a separate one, or even a separate network segment tied to the same AP. It works against small Wi-Fi networks in both homes and offices and large networks in enterprises.
Just read the paper. ArsTechnica is such a terrible source for analysis on anything remotely technical.
Yeah but at least they are nice enough to announce that with the silent ”e” in their name Arse Technica.
Agreed. Reading this, or trying to, I was switching back and forth between “this is missing information” and “why provide this additional explanation?” The target audience isn’t clear. Either go for the technical deep dive or provide a much higher-level explanation of what happened. Not this… mess in between.
Actual paper here is more understandable than this article - https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/
First, Wi-Fi keys that protect broadcast frames are improperly managed and can be abused to bypass client isolation. Second, isolation is often only enforced at the MAC or IP layer, but not both. Third, weak synchronization of a client’s identity across the network stack allows one to bypass Wi-Fi client isolation at the network layer instead, enabling the interception of uplink and downlink traffic of other clients as well as internal backend devices.
If I’m understanding correctly, this is saying that isolation between different clients on the same VLAN is broken? But this attack doesn’t break isolation between VLANs?
So the major issue is if you’ve got a guest network on the same VLAN as your main network
Basically every single one of those Xfinity Wifi boxes that people got for free in their household thanks to Concast and their skeezy attempt to bolster their “mobile” network.
What would the legality be of listening to people’s phone calls if they are connecting to your personal home network without your permission to make them?
Correct me if I’m wrong, but the article does seem to indicate that isolation between VLANs is still secure assuming its set up correctly. A lot of folks set up VLANs but never complete the firewall rules afterwards.
I wonder if this can also be exploited when people are on a guest wifi.
Read the article. The answer to your question, per the subtitle right after the title, is yes.
Research Paper Citation: https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/
