Comment by nickburns
20 hours ago
Much of (if not the vast majority of the 'worthwhile') traffic you're intercepting is still encrypted packets though.
Not to minimize the recon value of the plaintext stuff. But not really fair to say you're 'bypassing' any encryption but for the WPA-specific kind.
People who use or rely on client isolation want to prevent inter-client attacks, for whatever reason. We show that this can often be broken. This can be problematic when you have older hardware in your network that is rarely updated, and many then rely on client isolation to mitigate attacks. If everything is encrypted and properly patched, then our attack indeed has less impact, but then there also wouldn't have been a good reason to use client isolation in the first place ;)
Disagree with your final statement. There's good security (and performance) reason to use any/all viable network isolation/segmentation/separation, etc., whenever/wherever possible. So-called Wi-Fi 'client isolation' is but a single network security strategy. No single strategy should be relied upon exclusively, nor avoided for that matter.
But it seems we otherwise agree on the overall impact of this vector. My point was mostly about the statement regarding any 'bypassing' of encryption.
It indeed seems we overall agree. Even if I may not have always explicitly said 'Wi-Fi encryption' for convenience, that can be derived from context normally, though it's always hard to estimate how people interpret text (and even harder to predict how others write about it :).