Mathy Vanhoef

I found some design and implementation flaws in Wi-Fi again. All Wi-Fi devices are affected. It was a long ~9 months embargo, over this time a lot of info has been collected and that info now available at fragattacks.com

1/4 Google has known about a bug that breaks VPN apps for 7 months, leaving users exposed with no warning or error, just a VPN app that stopped working in the background. If you're using ANY VPN on Android, you can help us by getting Google's attention to fix it. Details 👇 🧵

Watching remotely? You can follow Real World Crypto 2026 on YouTube livestreams (also available via the website): Day 1 (Mar 9): youtube.com/live/QQhyxFj4x… Day 2 (Mar 10): youtube.com/live/00zvMSWHo… Day 3 (Mar 11): youtube.com/live/v_AFtbWr1…

الدفاعات الجوية الإماراتية تتعامل مع 137 صاروخاً و209 طائرة مسيرة أعلنت وزارة الدفاع أن القوات الجوية والدفاع الجوي لدولة الإمارات العربية المتحدة نجحت منذ بدء الهجوم الإيراني، في التعامل مع وتدمير 137 صاروخاً باليستياً و209 طائرة مسيّرة أُطلقت باتجاه أراضي الدولة، مؤكدةً الجاهزية العالية لمنظومات الدفاع الجوي وقدرتها على التعامل مع مختلف التهديدات. وأوضحت الوزارة إلى أنه ومنذ بدء الهجوم تم رصد 137 صاروخاً باليستياً إيرانياً تم إطلاقه تجاه الدولة، حيث تم تدمير 132 صاروخاً، فيما سقط 5 منها في مياه البحر، كما تم رصد 209 طائرة مسيرة إيرانية، وتم اعتراض 195 منها، فيما وقعت 14 منها داخل أراضي ومياه الدولة، وتسببت ببعض الأضرار الجانبية. وأشارت الوزارة إلى أنه ونتيجة التصدي الفعال للصواريخ والمسيرات، سقطت بعض الشظايا في مناطق متفرقة في الدولة، مما أدى إلى حدوث أضرار مادية بسيطة في عدد من الأعيان المدنية. وأكدت الوزارة أن الجهات المختصة تحركت على الفور بكامل جاهزيتها وإمكاناتها للتعامل مع الوضع وفق الإجراءات المعتمدة في مثل هذه الحالات، وتم اتخاذ التدابير اللازمة لضمان سلامة السكان وتأمين المواقع المتأثرة. وأدانت الوزارة هذا الهجوم بأشد العبارات، مؤكدة رفض الدولة القاطع لمثل هذه الأعمال التي تمثل تصعيداً خطيراً وعملاً جباناً يهدد أمن وسلامة المدنيين ويقوض الاستقرار. وشددت الوزارة على أن هذا الاستهداف يُعدّ انتهاكاً صارخاً للسيادة الوطنية وللقانون الدولي، وأن الدولة تحتفظ بحقها الكامل في الرد على هذا التصعيد واتخاذ جميع الإجراءات اللازمة لحماية أراضيها وشعبها والمقيمين فيها، وبما يضمن صون سيادتها وأمنها واستقرارها ويحمي مصالحها ومقدراتها الوطنية. وأعربت الوزارة أنها على أهبة الاستعداد والجاهزية للتعامل مع أية تهديدات، وأنها تتخذ كافة الإجراءات اللازمة للتصدي بحزم لكل ما يستهدف زعزعة أمن الدولة واستقرارها، وأكدت أن سلامة المواطنين والمقيمين والزوار تمثل أولوية قصوى لا يمكن التهاون فيها. وتهيب الوزارة بالجمهور الكريم استقاء المعلومات من المصادر الرسمية في الدولة، وتجنب تداول الشائعات أو المعلومات غير الموثوقة. #وزارة_الدفاع #وزارة_الدفاع_الإماراتية #MOD #UAEMinistryOfDefence

ok very cool, I'm using #AirSnitch to overcome guest isolation and I can port scan other clients inside this isolated network. This network is 'ISOLATED' and guest isolation is enabled....

@UK_Daniel_Card Looks nice! I'd be happy to help test it once I'm back at work

@vanhoefm still working on this... but seems to work...

@nmschulte Both are open-source router distributions. DD-WRT was run on Netgear R7000 and OpenWrt on D-Link DIR3040. I'd expect most attacks to be independent of the driver(s) these devices use, and apply to dd-wrt and OpenWrt in general. But might be good to explicitly confirm that :)

@vanhoefm You claim "OpenWRT 24.10" is a piece of hardware (and similar DD-WRT), but its implementation varies naturally based on the target/device it is installed. Which target(s)/device(s) did you use in your research with OpenWRT/DD-WRT; or does it not matter, only hostapd cfg? Thanks!

We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others. NDSS'26 paper: ndss-symposium.org/wp-content/upl… GitHub: github.com/vanhoefm/airsn…

@SecureThisNow @matthew_d_green I was pleasantly surprised by seeing this article ;)

@matthew_d_green @vanhoefm Hahaha I just found the paper with you on it. Excellent work!

This seems bad for WiFi encryption: arstechnica.com/security/2026/…

@shdwstar Thank you 😄

@vanhoefm Air snitch is a very well chosen name.

@attrc Thank you!

Great work from @vanhoefm!

@UK_Daniel_Card @0x686967 Yeah I'm trying to clarify that we can't just break any Wi-Fi network. We bypass client isolation, which is a more specific threat model. Though in one of our university networks, the co-located open network could be used to attack devices on the co-located Enterprise SSID ;)

@0x686967 Haha yes! This is almost certainly being. Overstated in terms of risk imho

Hey @UK_Daniel_Card you do a fun omg left my computer on a train with this baddie?

@IceSolst That's an interesting way to put it haha :)

This is the god of wifi hacking btw

A big thanks to all co-authors: @zhouxinan @drivertomtt Zhutian @pkqzy888 Zhaowei, Srikanth And if you want more information, come to our Black Hat Asia talk ;) #airsnitch-breaking-client-isolation-in-wi-fi-networks-51283" target="_blank" rel="nofollow noopener">blackhat.com/asia-26/briefi…

Crypto is often bypassed instead of broken. And AirSnitch does exactly that: bypass crypto. A malicious insider, or someone connected to a co-located open Wi-Fi, can attack and intercept the traffic of others. If you don't rely on client/network isolation, you are safe.

Personal Wi-Fi hotspot named “I have a bomb, everyone will die” triggered NATO Quick Reaction Alert airlive.net/incident/2026/…

🚨Don't use Anna's Archive — it's pirate website with 61M+ books and 95M+ research papers freely available. We should all try to make billion-dollar academic publishers richer.

This is the story of how reading “The Selfish Gene” when I was around 15 changed my career decades later. It’s a terrific book. But beyond its substance, it changed my view of what science can be. It showed me that there are simple but profound ideas waiting to be discovered. I’d thought of the frontier of science as necessarily esoteric, but the book proved otherwise. Richard Dawkins’s writing also showed me that it’s possible to explain novel and profound ideas in a way that even a child (me) could understand them. When I grew up and became a researcher, I never stopped thinking about this. I began to gravitate toward the simplest questions within my areas of expertise, rather than the hardest, contrary to the norm in science. And I taught myself how to communicate my ideas to as broad an audience as possible. Unfortunately, the peer review process heavily penalizes this approach, because the value system prioritizes abstruseness, when ideally it should be the opposite. But no matter — I found that simpler ideas, when they do get published, are much more widely read, which made it all worthwhile. Besides, pushing to make ideas as simple and as simply communicated as possible often made them *better ideas*, more robust and widely applicable than initially anticipated. Aspirations should be balanced with an awareness of one’s limitations. Not everyone can be as successful as Dawkins; I realized that I couldn’t count on my ideas being so powerful that they would spread on their own (fittingly, the term “meme” was coined in The Selfish Gene!) So I’ve tried to put as much effort into spreading ideas as I do into generating and explaining them. That’s a topic I’ve written about here before and probably will again.

Hey @POLITICOEurope, you could have also framed this positively, as the EU managing to strike a deal on a €90 billion loan to Ukraine.

I feel better knowing at least some people see this: lwn.net/Articles/10491… lwn.net/Articles/10491…