We found that Wi-Fi client isolation can often be bypassed.

@vanhoefm nice work!

@0x76 @dangoodin I think the WiFi 8 spec is coming soon? Maybe the body for that might be able to at least add something into the spec (if it exists)

@0x76 @dangoodin True. A problem you can’t just throw money at to upgrade something is worse.

Research like this is also rough because it’s entirely possible the response is just that hardware vendors do a PR response unless they get a lot of flak they can’t dodge.

Cynically, I could see vendors saying, “what we’ve done is put VRAM on our newer switch and APs, and now frames/packets are dropped via AI model”. Then selling that to all the companies with a budget and leaving consumer-grade equipment saddled with needing defense-in-depth because “legacy” Client Isolation is now considered best effort.

IMO, the money from fixing consumer protections isn’t going to be seen as worth it unless the fix is incredibly simple to dev and roll out retroactively.

@0x76 @dangoodin I mean, I think the interesting piece is client isolation is weird nonstandard and shouldn’t be relied on by itself.

Adding VLANs adds additional layers of complexity. An attacker could still attempt VLAN Tagging packets.

This could legitimately change a lot of network threat models. Many network issues/vulns have probably been downgraded in severity on the basis of “this doesn’t matter because Client Isolation exists”.

RE: https://infosec.exchange/@dangoodin/116137739187152802

Well this will be fun to look at.

I don’t agree with trying to use a VPN as a mitigation for this though.

One of the cool parts of aging and being constantly sick is that I’ve become patient enough for art with enough downtime to do something about it.

I wanted to make a little website logo for when I finally get my self-hosted blog going. I stumbled into #pixieditor and my god is it such an improvement over the #mspaint stuff for layers.

#pixelart