New Wifi Vulnerability

Micronaut · 2026-02-27 00:20:50

Incoming security issue. A whole new set of attacks has been discovered that can affect nearly any public Wifi network.
AirSnitch Breaks Wiki Encryption in Homes and Offices

I rarely use Wifi at all. But I'm now wondering if Stubby actually works in Devuan 6 yet? Or is it still in 'development'? That's one possible useful defense. Or a full VPN. Which I guess I ought to learn to configure.

steve_v · 2026-02-27 05:17:34

Or just use separate AP(s) for your untrusted/guest network, and put them on an isolated VLAN... Like sensible people have been doing for about as long as wifi has been a thing - because wifi has been subject to a variety of security issues since day one, and untrusted devices or networks cannot, by definition, be trusted.

I'm now wondering if Stubby actually works in Devuan 6 yet? Or is it still in 'development'? That's one possible useful defense.

Assuming you are talking about this stubby, now I'm wondering if you even understand the article you linked... What does a DNS stub-resolver have to do with anything, and how is it supposed to be a "defence" against a layer-2 port-spoofing attack?

Micronaut · 2026-02-27 13:10:51

DNS spoofing is one use of the new attack(s). There are several and some applications are discussed in the article.

steve_v · 2026-02-27 13:23:07

DNS spoofing is a very old attack, as are most of the others mentioned. There are undoubtedly more which were not, and calling a fix for one a "defence" is like plugging one hole in a colander and calling it "sealed".
What's new here is breaking client-isolation so those old attacks all work again. It's basically ARP spoofing, and that was a gold-mine in terms of what you could do once you had control of the stream. DNS fuckery is a problem, but it's really just the tip of the iceberg.

If you use "coffee shop" style public wifi (which I personally think is a terrible idea), use a VPN or tunnel (preferrably with a pinned host cert).
If you administer the same, use separate access points and segregate them from your main network.

Ed. Ahh, I see I have reached the perfect post count.

Last edited by steve_v (2026-02-27 13:35:26)

fsmithred · 2026-02-27 15:14:22

Ed. Ahh, I see I have reached the perfect post count. big_smile

I think I have a better understanding of the phrase, "The devil is in the details."

chris2be8 · 2026-02-27 17:28:36

My home network is entirely wired, with wifi disabled on my router. This provides another justification for taking the time to set it up like that.

tux_99 · 2026-02-27 20:53:15

chris2be8 wrote:

My home network is entirely wired, with wifi disabled on my router.

Same here, my router is actually a small custom built PC that doesn't even have wifi.

A router provided by the ISP (or even a self-bought off-the-shelf router) is another gaping security hole that I would never allow in my home.

Micronaut · 2026-03-08 00:21:35

Yeah, I do the same. At least for desktops. I have a separate Wifi server for laptops only, and only turn it on to update them so they are ready to go into the field. The rest of the time, it stays off and this is a Wifi free house.

The officially official Devuan Forum!

#1 2026-02-27 00:20:50

New Wifi Vulnerability

#2 2026-02-27 05:17:34

Re: New Wifi Vulnerability

#3 2026-02-27 13:10:51

Re: New Wifi Vulnerability

#4 2026-02-27 13:23:07

Re: New Wifi Vulnerability

#5 2026-02-27 15:14:22

Re: New Wifi Vulnerability

#6 2026-02-27 17:28:36

Re: New Wifi Vulnerability

#7 2026-02-27 20:53:15

Re: New Wifi Vulnerability

#8 2026-03-08 00:21:35

Re: New Wifi Vulnerability

Board footer