
nickburns | 3 days ago

Much of (if not the vast majority of the 'worthwhile') traffic you're intercepting is still encrypted packets though.

Not to minimize the recon value of the plaintext stuff. But not really fair to say you're 'bypassing' any encryption but for the WPA-specific kind.


vanhoefm | 3 days ago

People who use or rely on client isolation want to prevent inter-client attacks, for whatever reason. We show that this can often be broken. This can be problematic when you have older hardware in your network that is rarely updated, and many then rely on client isolation to mitigate attacks. If everything is encrypted and properly patched, then our attack indeed has less impact, but then there also wouldn't have been a good reason to use client isolation in the first place ;)

nickburns | 3 days ago

Disagree with your final statement. There's good security (and performance) reason to use any/all viable network isolation/segmentation/separation, etc., whenever/wherever possible. So-called Wi-Fi 'client isolation' is but a single network security strategy. No single strategy should be relied upon exclusively, nor avoided for that matter.

But it seems we otherwise agree on the overall impact of this vector. My point was mostly about the statement regarding any 'bypassing' of encryption.