2026-02-27
We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others. NDSS'26 paper: https://www.ndss-symposium.org/ ... GitHub: https://github.com/...
Ars Technica
Security researchers detail AirSnitch, a series of attacks that bypass Wi-Fi client isolation, enabling machine-in-the-middle attacks in modern Wi-Fi networks
That guest network you set up for your neighbors may not be as secure as you think. — It's hard to overstate the role that Wi-Fi plays in virtually every facet of life.
2024-05-07
A malicious DHCP server can abuse static DHCP routes to make VPNs leak traffic: https://www.leviathansecurity.com/ ... People warned about this attack before It's unclear which VPNs they tested: on Win/Linux/macOS, some VPNs configure more complex firewall rules that can prevent this attack
Ars Technica
Researchers detail an attack against many VPN apps that force them to send some or all traffic outside of the VPN encrypted tunnel; Android mitigates the flaw
TunnelVision vulnerability has existed since 2002 and may already be known to attackers. — Researchers have devised an attack …
2023-10-29
This new iPhone flaw is about tracking users *while connected* to a Wi-Fi network. Even with the CVE fixed, that's IMO hard to fully prevent. Usage of random MAC addresses while *scanning* for Wi-Fi networks seems to have properly worked all the time. https://arstechnica.com/...
Ars Technica
Apple fixed an old bug exposing a device's real MAC address to nearby wireless routers even when Private Wi-Fi Address is enabled, including in Lockdown Mode
@dangoodin — https://arstechnica.com/... X: @mysk_co : The bug addressed in iOS 17.1 is about hiding the device's MAC address from joined networks, a privacy feature introduced i...
2023-10-28
This new iPhone flaw is about tracking users *while connected* to a Wi-Fi network. Even with the CVE fixed, that's IMO hard to fully prevent. Usage of random MAC addresses while *scanning* for Wi-Fi networks seems to have properly worked all the time. https://arstechnica.com/...
Ars Technica
Apple fixed an old iOS bug that let nearby wireless routers gather real MAC addresses even when Private Wi-Fi Address is enabled, including in Lockdown Mode
“From the get-go, this feature was useless,” researcher says of feature put into iOS 14. — Three years ago, Apple introduced …
2021-05-13
The findings consist of three design flaws and several widespread implementations flaws. Some of the flaws have been part of Wi-Fi since 1997! Full details are in my paper: https://papers.mathyvanhoef.com/ ...
The Record
Researcher discovers a series of vulnerabilities, known as Frag Attacks, impacting Wi-Fi devices from the past 24 years, even when WEP and WPA are activated
Catalin Cimpanu / The Record : Source: FragAttacks .