UC Riverside computer scientists have identified major security weaknesses in the Wi-Fi networks used at work, at home and various other locations. Even the most advanced “enterprise-grade” encryption systems used by universities and corporations were found to be vulnerable.
In the paper, AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks, the UCR authors describe how a security feature designed to keep users safe from one another can be bypassed. Their findings show that attackers connected to the same wireless network can secretly spy on other users, intercept data, and manipulate traffic — even when modern security measures are in place.
The researchers presented their findings at the Network and Distributed System Security (NDSS) Symposium 2026 in San Diego. They are urging the tech industry to address the vulnerabilities, but acknowledge that fixes will require more than simple software patches. The weaknesses, they say, stem in part from hardware designs that have not kept pace with increasingly sophisticated hacking techniques.
Mitigation strategies proposed by the researchers include stronger separation of encryption keys and better synchronization of device identities across network layers. They have also shared their findings with vendors in advance of publication.
“The biggest concern is for enterprise environments,” said Xin’an Zhou, the paper’s lead author, who conducted the research as a doctoral student at UCR and now works for Palo Alto Networks in the San Francisco Bay Area. “Enterprise systems usually protect their networks using the most advanced encryption. So that means enterprises are seemingly relying on a fake sense of security.”
Enterprise Wi-Fi networks — such as those used at UCR and many businesses — require users to log in with personal credentials, like a NetID and password, and use what is called WPA3 (Wi-Fi Protected Access, version 3) enterprise encryption. That system differs from home Wi-Fi networks, where everyone typically shares the same passphrase.
The vulnerability lies in a feature known as “client isolation,” Zhou explained. Vendors introduced client isolation years ago to prevent one Wi-Fi user from attacking another on the same network. But the feature is not standardized, and its protections vary widely among manufacturers.
In tests of home routers and enterprise-style networks, the researchers found that every system examined was vulnerable to at least one type of attack. They repeatedly demonstrated how a malicious user connected to the same Wi-Fi network could position their device between a victim and the internet — a classic “man-in-the-middle” attack.
“Every ‘man in the middle’ attack tries to intercept and modify some traffic in transit,” Zhou said.
The attacks work not only in small home networks but also in complex enterprise systems with multiple access points and network names, the paper reports. In some cases, attackers can intercept both incoming and outgoing traffic, achieving full bidirectional control.
The implications extend beyond casual web browsing. Once positioned as a man-in-the-middle, an attacker could exploit additional software flaws to decrypt sensitive communications or compromise internal systems.
