{"id":55597,"date":"2026-04-10T13:18:25","date_gmt":"2026-04-10T17:18:25","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=55597"},"modified":"2026-04-10T13:18:25","modified_gmt":"2026-04-10T17:18:25","slug":"airsnitch-wi-fi-client-isolation-guest-network-vulnerability-and-mitigation","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/airsnitch-wi-fi-client-isolation-guest-network-vulnerability-and-mitigation\/55597\/","title":{"rendered":"AirSnitch: attacking Wi-Fi client isolation and guest networks"},"content":{"rendered":"

At the NDSS Symposium 2026 in San Diego in February, a group of respected researchers presented a study unveiling the AirSnitch<\/a> attack, which bypasses the Wi-Fi client isolation feature \u2014 also commonly known as guest network or device isolation. This attack allows connecting to a single wireless network via an access point, and then gaining access to other connected devices, including those using entirely different service set identifiers<\/a> (SSIDs) on that same hardware. Targeted devices could easily be running on wireless subnets protected by WPA2 or WPA3 protocols. The attack doesn\u2019t actually break encryption; instead, it exploits the way access points handle group keys and packet routing.<\/p>\n

In practical terms, this means that a guest network provides very little in the way of real security. If your guest and employee networks are running on the same physical device, AirSnitch allows a connected attacker to inject malicious traffic into neighboring SSIDs. In some cases, they can even pull off a full-blown man-in-the-middle<\/a> (MitM) attack.<\/p>\n

Wi-Fi security and the role of isolation<\/h2>\n

Wi-Fi security is constantly evolving; every time a practical attack is made against the latest generation of protection, the industry shifts toward more complex algorithms and procedures. This cycle started with the FMS attacks<\/a> used to crack WEP encryption keys, and continues to this day: recent examples include the KRACK<\/a> attacks on WPA2, and the FragAttacks<\/a>, which impacted every security protocol version from WEP all the way through WPA3.<\/p>\n

Attacking modern Wi-Fi networks effectively (and quietly) is no small feat. Most professionals agree that using WPA2\/WPA3 with complex keys and separating networks based on their purpose is usually enough for protection. However, only specialists really know that client isolation was never actually standardized within the IEEE 802.11 protocols. Different manufacturers implement isolation in completely different ways \u2014 using Layer 2 or Layer 3 of network architecture<\/a>; in other words, handling it at either the router or the Wi-Fi controller level \u2014 meaning the behavior of isolated subnets varies wildly depending on your specific access point or router model.<\/p>\n

While marketing claims that client isolation is perfect for keeping restaurant or hotel guests from attacking one another \u2014 or ensuring corporate visitors can\u2019t access anything but the internet \u2014 in reality, isolation often relies on people not trying to hack it. This is exactly what the AirSnitch research highlights.<\/p>\n

Types of AirSnitch attacks<\/h2>\n

The name AirSnitch doesn\u2019t just refer to a single vulnerability, but a whole family of architectural flaws found in Wi-Fi access points. It\u2019s also the name of an open-source tool used to test routers for these specific weaknesses. However, security professionals need to keep in mind that there\u2019s only a very thin line between testing and attacking.<\/p>\n

The model for all these attacks is the same: a malicious client is connected to an access point (AP) where isolation is active. Other users \u2014 the targets \u2014 are connected to the same SSID or even different SSIDs on that same AP. This is a very realistic scenario; for example, a guest network might be open and unencrypted, or an attacker could simply get the guest Wi-Fi password by posing as a legitimate visitor.<\/p>\n

For certain AirSnitch attacks, the attacker needs to know the victim\u2019s MAC or IP address beforehand.\u00a0 Ultimately, how effective each attack is depends on the specific hardware manufacturer (more on that below).<\/p>\n

GTK attack<\/h3>\n

After the WPA2\/WPA3 handshake, the access point and the clients agree on a Group Transient Key (GTK) to handle broadcast traffic. In this scenario, the attacker wraps packets destined for a specific victim inside a broadcast traffic envelope. They then send these directly to the victim while spoofing the access point\u2019s MAC address. This attack only allows for traffic injection, meaning the attacker won\u2019t receive a response. However, even that is enough to deliver malicious ICMPv6 routing advertisements, or DNS and ARP messages to the client \u2014 effectively bypassing isolation. This is the most universal version of the attack working on any WPA2\/WPA3 network that uses a shared GTK. That said, some enterprise-grade access points support GTK randomization for each individual client, which renders this specific method ineffective.<\/p>\n

Broadcast packet redirection<\/h3>\n

This version of the attack doesn\u2019t even require the attacker to authenticate at the access point first. The attacker sends packets to the AP with a broadcast destination address (FF:FF:FF:FF:FF:FF) and the ToDS flag set to 1.\u00a0 As a result, many access points treat this packet as legitimate broadcast traffic; they encrypt it using the GTK, and blast it out to every client on the subnet, including the victim. Just like in the previous method, traffic specifically meant for a single victim can be pre-packaged inside.<\/p>\n

Router redirection<\/h3>\n

This attack exploits an architectural gap between Layer 2 and Layer 3 security found in some manufacturers\u2019 hardware. The attacker sends a packet to the access point, setting the victim\u2019s IP address as the destination at the network layer (L3).\u00a0 However, at the wireless layer (L2), the destination is set to the access point\u2019s own MAC address, so the isolation filter doesn\u2019t trip. The routing subsystem (L3) then dutifully routes the packet back out to the victim, bypassing the L2 isolation entirely. Like the previous methods, this is another transmit-only attack where the attacker can\u2019t see the reply.<\/p>\n

Port stealing to intercept packets<\/h3>\n

The attacker connects to the network using a spoofed version of the victim\u2019s MAC address, and floods the network with ARP responses claiming, \u201cthis MAC address is on my port and SSID\u201d.\u00a0 The target network\u2019s router updates its MAC tables, and starts sending the victim\u2019s traffic to this new port instead. Consequently, traffic intended for the victim ends up with the attacker \u2014 even if the victim is connected to a completely different SSID.<\/p>\n

In a scenario where the attacker connects via an open, unencrypted network, this means traffic meant for a client on a WPA2\/WPA3-secured network is actually broadcast over the open air, where not only the attacker but anyone nearby can sniff it.<\/p>\n

Port stealing to send packets<\/h3>\n

In this version, the attacker connects directly to the victim\u2019s Wi-Fi adapter, and bombards it with ARP requests spoofing the access point\u2019s MAC address. As a result, the victim\u2019s computer starts sending its outgoing traffic to the attacker instead of the network. By running both stealing attacks simultaneously, an attacker can, in several scenarios, execute a full MitM attack.<\/p>\n

Practical consequences of AirSnitch attacks<\/h2>\n

By combining several of the techniques described above, a hacker can pull off some pretty serious moves:<\/p>\n