vulnerability

Setting up guest Wi-Fi seemed like a good idea. Until the latest vulnerability has appeared: AirSnitch

by

I’m the first one I have activated a guest Wi-Fi network to facilitate access to Wi-Fi connectivity for my friends and family, without compromising the security and privacy of the Wi-Fi network to which the rest of me is connected. devices in my home. The coffee shop I usually go to does it too. Separating the main network from the one used by visitors or clients seemed enough to prevent someone connected from snooping on other people’s computers, cell phones or printers. However, that model just took a major setback. A group of researchers has presented in the NDSS 2026 a attack called AirSnitch which shows that this separation can be broken even when the router has isolation between devices activated and uses modern encryption such as WPA2 or WPA3. The problem with AirSnitch is that it is not a brute force attack against these protection systems, but rather it has found an alternative path in which this protection simply does not arrive. AirSnitch is not an attack, it is an alternative AirSnitch is not an out-of-the-box malware, but rather a technique that exploits a vulnerability in the way many access points implement client isolation. This function, present in all home, business or public Wi-Fi networks, should prevent two devices connected to the same Wi-Fi from being able to communicate directly with each other. The problem, according to the study presented in it Network and Distributed System Security Symposiumis that this isolation is not part of a single standard and each manufacturer implements it in its own way. In their tests, the researchers analyzed 11 different devices, from home routers to professional equipment and alternative firmwares. They found vulnerabilities to AirSnitch techniques in all of them. In statements collected by Ars TechnicaXin’an Zhou, one of the authors of the work, stated that AirSnitch “breaks Wi-Fi encryption around the world and could have the potential to enable advanced cyberattacks. Our research physically taps the entire wire for these sophisticated attacks to work. It is truly a threat to the security of networks around the world.” How AirSnitch works The key is that, although the devices are “isolated” from each other thanks to the customer isolationshare certain internal mechanisms of the router that allow data traffic to be organized. AirSnitch takes advantage of that feature to trick the access point and make some of the information that should go to another device pass through the attacker first. In practice, this allows you to place yourself in the middle of the communication without the victim realizing it, generating what is known in cybersecurity as a Man-in-the-Middle (man in the middle), in which all the information on that device first passes through an intermediary. From there, the attacker can observe data and, in certain cases, modify it before it reaches its destination. That is, it is not about guessing the Wi-Fi password, but rather taking advantage of how the device itself router manages connections internal once someone is already connected. The researchers showed that this technique can facilitate additional attacks, such as redirecting the victim to fake pages or manipulating certain internal communications if they are not adequately protected. Isolation, which was supposed to prevent precisely this scenario, stops be an effective barrier. The main problem is that all devices connect to the same router that manages them. Why public networks are the most delicate scenario The risk is especially relevant in open or shared networksF for many people: cafes, airports, hotels or coworking spaces. In these environments, any user can legally connect through the password provided by the establishment and, if the access point is vulnerableattempt to exploit the flaw against other clients connected at that time. In one home network the impact is much more limitedbecause the attacker needs to know the password to enter first. That is, it has to be one of the guests to whom you have given the password, not someone external. Still, research shows that activating a guest network does not alone ensure that devices are completely isolated. Being a recent discovery, there is still no immediate universal solution for the end user. The fix depends largely on firmware updates by manufacturers or deeper changes in how they design their device isolation systems. Meanwhile, in enterprise environments it is recommended to segment networks more strictly, using configurations that truly separate devices into different internal environments and do not depend solely on a router function. For individuals, keeping equipment up-to-date, using strong passwords, and avoiding sensitive operations on public networks without additional protection are reasonable measures to reduce risk that continue to be in effect. Need a password to connect to a Wi-Fi network It is not a guarantee of security or privacy. In Xataka | VPN Buying Guide: Nine Services to Consider for Safer Browsing Image | Unsplash (Bernard Hermant)

The incident of the plane in which Von der Leyen was traveling was not another scare. It is a vulnerability that Europe cannot ignore

by

Like our mobiles or our cars, airplanes turn to satellites to know where they are. These signals, integrated into the FMS management system (FMS)improve the precision and efficiency of aerial trajectories. Nevertheless, That system is not unique or infallible: In interference situations, pilots must resort to classical aid such as inertial systems, terrestrial radio aids or even paper maps. In times of war, These setbacks have become more commonespecially in areas close to active conflicts. What was previously a rare incident is a real concern for airlines, controllers and governments. The recent flight of Ursula von der Leyen to Bulgaria has put it back in the fore, remembering that even the most advanced systems can fail and that Europe is reinforcing its defenses to avoid it. When the GNSS system of a plane gives problems Surely you have heard of “GPS” to refer to satellite positioning. It is a popular term, but technically incorrect: the system is called GNSS (Global Navigation Satellite System) and integrates several constellations, such as the American GPS, European Galileo, Russian Glonass and Chinese Beidou. In aviation, modern receptors can combine signals from different networks To improve reliability, which allows aircraft to plan more efficient routes and land accurately in airports where it was unthinkable before. The incident with the Ursula von der Leyen plane is a good example of what happens when that network fails. The European Commission confirmed that its flight experienced an interruption of the satellite signal on August 31, 2025, when it approached Plovdiv, south of Bulgaria. According to Reutersand Financial Timesthe pilots completed the landing using printed letters and traditional navigation procedures. Bulgaria explained that “The satellite signal that transmitted information to the GNSS system of the plane was neutralized.” The commission added thataccording to the Bulgarian authorities, there is suspected “flagrant interference” by Russia; Moscow denies it. If you have ever wondered how a plane continues to fly when GNSS loses, the answer is in the redundancy. In addition to satellite signals, it has inertial systems They calculate the position using accelerometers and gyroscopes, as well as radiusayudas on land as. In Europe, The Galileo Network Work next to Egnosan increase system that corrects errors and allows precision operations. This technological network makes GNS loss complicate the flight, but reduces risk scenarios. When we talk about “interferences” we do not always refer to the same. There are two main techniques: Jammingwhich blocks the signals, and Spoofingthat introduces false information to deceive the receiver. For pilots, both phenomena can translate into changes in experience and greater workload. Therefore, although Von der Leyen’s flight ends well, the event has served as a reminder: the skies have become a more complex land with this type of threats in the air. The president of the European Commission greets Bulgarian Prime Minister Rossen Jeliazkov upon arrival in Plovdiv, on a trip marked by an incident of Jamming Satellitan A clear example of these risks occurred in March 2024. The positioning system of the Royal Air Force plane that transported the then Secretary of Defense of the United Kingdom, Grant Shapps, It was interfered for several minutes while flying near the Russian enclave of Kalinningrad. According to British government sources cited by Reutersthe pilots had to resort to alternative navigation methods. The Kremlin did not comment on the event, which was interpreted in the West as a demonstration of the electronic warfare capabilities of Russia. Bulgaria and the European Commission point to Russia as possible responsible for the interference suffered by the Dassault Falcon 900lx (registration oo-gpe) that transferred Ursula von der Leyen, Operated by Luxaviation Belgium and en route aab53g between Warsaw and Plovdiv, According to Flightradar24 data. The aircraft was a charter flight, since community institutions do not have an official fleet, and there are no conclusive evidence or confirmation that it was a deliberate action against the plane. Moscow has denied any involvement. The aircraft was a charter flight, since community institutions do not have its own official fleet. To what extent is it dangerous to lose GNSS signal in full flight? Redundant systems and emergency procedures drastically reduce the risk of an accident, but do not eliminate concern. EASA warns that interference GNSS can degrade communication, navigation and supervision functions, and cause false TAWS alerts (Terrain Awareness and Warning System), the alert system that warns the crew when there is Risk of collision with land or obstacles. Each extra alarm in cabin implies more workload for crews, which must react rapidly to maintain flight safety. According to Airbuswhen the GNSS signal is lost, the aircraft does not lose its main navigation capacity. The flight management system (FMS) compensates for loss using data from other sources such as inertial reference systems (IRS) and RadioAyudas (Vor/DME), maintaining a precise position calculation. However, some high precision navigation and surveillance functions that depend exclusively on the GNSS can be temporarily affected until the signal is recovered. The institutional response also advances. The European Commissioner of Defense, Andrius Kubilius, announced that the European Union plans to strengthen its satellite network in low orbit To improve the detection of interference, although deadlines or operational details have not yet been completed. Galileo already offers Osnmaan operational service since July 24, 2025 that authentic navigation messages and helps identify and mitigate attempts to supplant signal (spoofing). Ursula von der Leyen plane landed without serious incidents, but the message is clear: without satellite navigation, modern aviation loses an essential piece. Europe works to reinforce this infrastructure, both technological and defensively, with the aim that what happened in Bulgaria is an isolated episode in a technological war that is already fought in space and cyberspace. The details of these measures are yet to be defined. Images | Dassault Aviation | Rossen Jeliazkov In Xataka | For years the Airbus A380 symbolized European power against Boeing. Today it survives as a colossus without the kingdom

A single click and goodbye to our passwords. This is the vulnerability that affects the extensions of several managers

by

We trust our Password managers as if they were digital safes. But, According to expert Marek Tóthjust visit the wrong website and click where it does not correspond to put that armor at risk. The technique presented in Def with 33 does not point to applications, but to extensions we use daily In the browser. In his tests, he ensures that this gesture can activate an information theft system without the user perceiving it. The research, made public in one of the main international conferences of computer security, documents how eleven extensions of password managers could be manipulated to filter data. Toth states that he notified the finding of manufacturers in April 2025 and that in mid -August several still still had corrections. The study includes practical tests, websites designed to demonstrate the failure and an estimate of the scope: about 40 million potentially exposed active facilities. How the attack works and why it affects you The technique described by Tóth is based on hiding the elements that the extensions insert on the page so that the user interacts with them without seeing it. With minimal changes in opacity or overlapthe attacker gets that The self -fulfilling is activated in the background. And there are several ways to achieve it, from manipulating the root element of the extension to altering the entire body of the site, in addition to variants by overlap. The most delicate scenario appears when a trap website is not necessary, but it is enough to take advantage of a legitimate page with a security failure. In those cases, he explains, the attacker can capture login credentials. The risk increases because many managers fill data not only in the original domain, but also in subdomains, which expands the attack surface without the user noticing it. According to data published by Tóth and collected by Socketon August 19, 1Password, Bitwarden, ENPASS, were continued as vulnerable Icloud PasswordsLastpass and Logmeonce. On August 20, Socket updated that Bitwarden had sent version 2025.8.0 with a patch, pending distribution in extensions. Among the managers who did apply corrective measures are NordPass, Dashlane, Keeper, Protonass and Roboform. Of course, this list can vary at any time if other companies publish arrangements after the dissemination. Extension of password manager for the browser The manufacturers reaction was disparate. Socket points out that 1Password and Lastpass classified the ruling as “informative”, a category that usually implies absence of immediate changes. Bitwarden, ENPASS and Apple (Icloud Passwords) confirmed that They work in updateswhile Logmeonce did not respond to contact attempts. Some companies admitted the existence of risk, but related to external vulnerabilities at the sites visited. While some developers decide how to act, Toth and Socket team agree that there are practical measures to reduce exposure. One of the most effective is to deactivate the manual self -fulfilling and resort to copying and paste. It is also recommended to configure the automatic filling only for exact URL coincidences, preventing it from working in subdomains. In chromium -based browsers, the use of the extension can be limited with the access option “When clicking”, so that the user explicitly authorizes each use. The researcher shows how it is possible to overlap invisible elements on the page to deceive the user and press the password manager without realizing it Not everything is as immediate as clicking and losing everything. For the attack to succeed, the extension must be unlocked, the browser has not restarted and the user interact at the right time. In addition, the analysis focused only on eleven extensions. There is no evidence that All solutions The market is vulnerable, although the expert warns that the pattern can be repeated in other types of extensions. The weak point is in the SUNthe internal structure used by websites to organize buttons, forms or menus. Password managers insert their elements there, and if a malicious page manages to move them, hide or force them, the user can end up clicking without realizing it. That same risk extends to other extensions such as cryptocurrency wallets or notes applications. Images | Xataka with Gemini 2.5 In Xataka | How to change all our passwords according to three cybersecurity experts

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.