Interesting!
This said, isn't it the same kind of attack that a malicious router (on the route between the sender and the receiver) could run? I.e. exploiting a plaintext connection?
It feels like using an encrypted connection like HTTPS prevents it, right?
If my understanding is correct, it means you can’t really use unencrypted protocols even within an intranet or home network when it is wifi-based, which is kind of a pain due to certificates, and for example DNS typically being unencrypted.
AP isolation is usually off for all but big hotspots in my experience. This will be a problem for people using AP isolation for preventing their IoT from connecting to other devices in their network, assuming their IoT is malicious, but other than that the risk seems to be mostly with professional/corporate networks.