www.securityweek.com 3/3/2026, 2:06:26 PM

GTK attack, gateway bounce and MITM bypass WiFi client isolation

Researchers from UC Riverside, together with one from KU Leuven, report that four computer scientists and one additional researcher uncovered weaknesses that can bypass Wi-Fi client isolation in home, work, airport, and coffee shop networks.

Their study, presented in a paper at the NDSS Symposium 2026, demonstrates three main attack methods: a GTK abuse attack that exploits how broadcast keys are managed to bypass isolation; a gateway bouncing attack that uses the AP's gateway MAC as the layer-2 destination while the victim's IP address is the layer-3 destination; and a Machine-in-the-Middle attack that can spoof MAC addresses to intercept uplink and downlink traffic and impersonate internal devices.

The researchers warn that not all networks are susceptible to every method, but at least one vulnerability affected every tested network, and that a lack of standardisation in client isolation across vendors contributes to inconsistent implementations. They noted that the findings were responsibly disclosed to manufacturers, who had more than 90 days to prepare fixes before publication, and that full solutions will be difficult without ecosystem-level coordination.

The discoveries were reported on 3 March 2026. According to the NDSS Symposium 2026 publication, client isolation should not be treated as a sole defence against intra-network threats.

Article by CyberSIXT