AirSnitch: researchers find Wi-Fi flaw that lets same-network attackers intercept traffic
Mar 8th 2026
UC Riverside researchers reveal AirSnitch, a set of Wi-Fi weaknesses that let attackers on the same network assume device identities and divert traffic, affecting multiple routers, firmwares, and enterprise deployments.
- AirSnitch allows an attacker on the same Wi-Fi network to intercept and redirect a victim's traffic even when client isolation is enabled.
- The attack exploits Wi-Fi's lack of cryptographic binding between client MAC addresses, encryption keys, and IP addresses across Layers 1 to 3.
- Researchers demonstrate four techniques: abusing shared Group Temporal Keys, Gateway Bouncing, MAC spoofing of victims, and spoofing backend devices to capture uplink or downlink traffic.
- Vulnerable targets include five popular consumer routers, DD-WRT and OpenWrt builds, and two university enterprise networks, showing an architecture level issue.
- The team says the attacks are complex but urges manufacturers and standards groups to adopt stricter client isolation requirements to close these gaps.