Street dating revealed password
Therefore, any correct implementation of WPA2 is likely affected.
To prevent the attack, users must update affected products as soon as security updates become available.
As described in the introduction of the research paper, the idea behind a key reinstallation attack can be summarized as follows.
When a client joins a network, it executes the 4-way handshake to negotiate a fresh encryption key.
This implies all these networks are affected by (some variant of) our attack.
For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES.
For example, an attacker might be able to inject ransomware or other malware into websites.
As a proof-of-concept we executed a key reinstallation attack against an Android smartphone.
It will install this key after receiving message 3 of the 4-way handshake.
Once the key is installed, it will be used to encrypt normal data frames using an encryption protocol.
When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e.
Unfortunately, we found this is not guaranteed by the WPA2 protocol.
By manipulating cryptographic handshakes, we can abuse this weakness in practice.