A newly discovered attack called AirSnitch can break Wi-Fi encryption across virtually all routers, undermining client isolation protections that have been standard for years. The attack works by exploiting previously overlooked vulnerabilities at the lowest levels of the network stack, specifically in Layers 1 and 2, where physical devices and data link protocols operate.

Unlike past Wi-Fi attacks that targeted specific encryption schemes like WEP or WPA, AirSnitch capitalizes on cross-layer identity desynchronization between network layers, nodes, and SSIDs. This allows attackers to perform bidirectional machine-in-the-middle attacks, viewing and modifying data before it reaches its intended recipient. The vulnerability affects routers from major manufacturers including Netgear, D-Link, Ubiquiti, and Cisco, as well as those running DD-WRT and OpenWrt firmware.

Lead researcher Xin'an Zhou presented the findings at the 2026 Network and Distributed System Security Symposium, warning that AirSnitch could enable sophisticated attacks like cookie stealing and DNS cache poisoning. The attack works across small home networks, office setups, and large enterprise environments. With over 48 billion Wi-Fi devices deployed globally and roughly 70 percent of the world's population using Wi-Fi, this fundamental flaw in network security represents a critical threat that cannot be mitigated through traditional encryption methods.