| ▲ | john_strinlai 3 hours ago | ||||||||||||||||||||||
you are definitely correct that it is potentially a big deal because it breaks expectation around network segmentation and isolation however, most people will read "breaks wi-fi encryption" and assume that it means that someone can launch this attack while wardriving, which they cant. | |||||||||||||||||||||||
| ▲ | ProllyInfamous 3 hours ago | parent [-] | ||||||||||||||||||||||
>assume that it means that someone can launch this attack while wardriving, which they cant. As a former wardriver (¡WEPlol!), it only makes this more difficult. In my US city every home/business has a fiber/copper switch, usually outside. A screw-driver and you're in. Granted, this now becomes a physical attack (only for initial access) — but still viable. ---- >the next step is to put [AirSnitch] into historical context and assess how big a threat it poses in the real world. In some respects, it resembles the 2007 PTW attack ... that completely and immediately broke WEP, leaving Wi-Fi users everywhere with no means to protect themselves against nearby adversaries. For now, client isolation is similarly defeated—almost completely and overnight—with no immediate remedy available. ---- I think the article's main point is that so many places have similarly-such-unsecured plug-in points. Perhaps even a user was authorized for one WiFi network segment, and is already "in" — bless this digital mess! | |||||||||||||||||||||||
| |||||||||||||||||||||||