We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others.

NDSS'26 paper: https://www.ndss-symposium.org/wp-content/uploads/2026-f1282-paper.pdf
GitHub: https://github.com/vanhoefm/airsnitch

High-level article on the work by Dan Goodin: https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/ I'd say we bypass Wi-Fi encryption though, in the sense that we can bypass client isolation. We don't break Wi-Fi authentication or encryption. Crypto is often bypassed instead of broken. And we bypass it ;) If you don't rely on client/network isolation, you are safe: we can't just break any Wi-Fi network.

At USENIX Security? Then check out:

Studying the Use of CVEs in Academia, won distinguished paper award https://www.usenix.org/conference/usenixsecurity25/presentation/schloegel

Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON https://www.usenix.org/conference/usenixsecurity25/presentation/beitis

Big thanks to all co-authors!! #usenixsecurity

Our research on open tunneling servers got nominated for the Most Innovative Research award :)

The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security

Brief summary and code: https://github.com/vanhoefm/tunneltester
Paper: https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf