Wow, are all WiFi routers and access points insecure now? Some manufacturers are saying new chips will be required to address the security issues raised by the researchers. Apparently, OpenWRT and Ubiquiti are also affected. Using a VPN may help, but the author of that article seems to think VPNs are bad with the suggestion that metadata and DNS queries are leaked. Shouldn’t be an issue with IVPN and Mullvad, right?
What will you do now, in light of the explosive report?
It’s crazy they only tested AmpliFi routers from them, who has those? 
Very interesting though. I guess I will go check my guest network settings now, but for most people with only a single WiFi network I guess this attack won’t matter to them.
The article states that for this attack to work, and attacker already has to be on the network. Securing your network with WPA3 with a strong password will mitigate the danger from external attacks.
The main danger comes from using public WiFi or if an attacker somehow gains access to a network you are on. A VPN here is the best defense, the caveats the article mentions in regard to VPNs are the standard ones (bad configs can leak data, many VPN providers are sketchy, etc). Using a well regarded VPN, properly configured, will mitigate this attack vector.
But it does mean all the recent “you don’t need VPN on public WiFi cause HTTPS” nonsense that has become popular lately is exactly that….nonsense.
On any network being broadcast on the AP, not just the one you are on, hence the concern about guest networks.
I’ve already disabled all other SSIDs. I will refrain from using guest networks until my understanding of this issue improves. Short of any other mitigation, I’ll be using one SSID.
Yeah, clearly https alone isn’t enough. Hopefully, OG isn’t recommending that! Everyone should have Mullvad at the very least!