When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
Unit 42 describes AirSnitch, a novel enterprise Wi-Fi attack class that bypasses the confidentiality assumptions of WPA2/WPA3-Enterprise by exploiting protocol-infrastructure interactions rather than cryptography alone. The core technique abuses low-level network state such as MAC address tables, interface-to-port mappings, switching behavior, and routing paths to break client isolation, steal traffic flows, and inject packets even on properly configured encrypted networks. The research expands the threat model beyond a single SSID or AP, showing attack paths that span multiple BSSs/APs and even internet-connected colluding servers, restoring man-in-the-middle capability that defenders typically assume WPA prevents. Because the issues affect major vendors and operating systems including Android, iOS, macOS, Windows, and Ubuntu, the work is broadly relevant and suggests mitigations like stronger segmentation, anti-spoofing controls, and tighter firewall policy between wired and wireless segments.