Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service Set Identifiers). This cross-layer identity desynchronization is the key driver of AirSnitch attacks.
The most powerful such attack is a full, bidirectional machine-in-the-middle (MitM) attack, meaning the attacker can view and modify data before it makes its way to the intended recipient. The attacker can be on the same SSID, a separate one, or even a separate network segment tied to the same AP. It works against small Wi-Fi networks in both homes and offices and large networks in enterprises.
Just read the paper. ArsTechnica is such a terrible source for analysis on anything remotely technical.
Yeah but at least they are nice enough to announce that with the silent ”e” in their name Arse Technica.
Agreed. Reading this, or trying to, I was switching back and forth between “this is missing information” and “why provide this additional explanation?” The target audience isn’t clear. Either go for the technical deep dive or provide a much higher-level explanation of what happened. Not this… mess in between.