top | item 47172249

(no title)

vanhoefm | 3 days ago

People who use or rely on client isolation want to prevent inter-client attacks, for whatever reason. We show that this can often be broken. This can be problematic when you have older hardware in your network that is rarely updated, and many then rely on client isolation to mitigate attacks. If everything is encrypted and properly patched, then our attack indeed has less impact, but then there also wouldn't have been a good reason to use client isolation in the first place ;)

discuss

nickburns|3 days ago

Disagree with your final statement. There's good security (and performance) reason to use any/all viable network isolation/segmentation/separation, etc., whenever/wherever possible. So-called Wi-Fi 'client isolation' is but a single network security strategy. No single strategy should be relied upon exclusively, nor avoided for that matter.

But it seems we otherwise agree on the overall impact of this vector. My point was mostly about the statement regarding any 'bypassing' of encryption.

vanhoefm|3 days ago

It indeed seems we overall agree. Even if I may not have always explicitly said 'Wi-Fi encryption' for convenience, that can be derived from context normally, though it's always hard to estimate how people interpret text (and even harder to predict how others write about it :).