arstechnica.com 2/26/2026, 4:00:32 PM

AirSnitch attacks break Wi‑Fi client isolation and enable MITM

AirSnitch is a series of attacks that capitalises on weaknesses at the lowest levels of the Wi‑Fi stack and is capable of breaking client isolation and enabling bidirectional man‑in‑the‑middle attacks across homes, offices and enterprises. The researchers demonstrated that these exploits can intercept all link‑layer traffic and, even when HTTPS is in place, allow DNS cache poisoning and traffic manipulation, potentially exposing credentials and other sensitive data.

The work, presented at the 2026 Network and Distributed System Security Symposium, shows that variations of AirSnitch defeat the client isolation promised by many enterprise routers. The team tested 11 devices, including Netgear Nighthawk X6 R8000, Tenda RX2 Pro, D‑LINK DIR‑3040, TP‑LINK Archer AXE75, ASUS RT‑AX57, and OpenWrt 24.10, among others, and every model was vulnerable to at least one attack.

According to Xin’an Zhou, the lead author, some router makers have released updates to mitigate certain attacks, though others say systemic weaknesses may require changes in the underlying chips. The article notes that mitigations such as VPNs have limitations and advocates a zero‑trust approach as a long‑term defence.

Article by CyberSIXT
