In information security, a KARMA attack is an attack that exploits a behaviour of some Wi-Fi devices, combined with the lack of access point authentication in numerous WiFi protocols. It is a variant of the evil twin attack.[1] Details of the attack were first published in 2004 by Dino dai Zovi and Shane Macaulay.[2]

Vulnerable client devices broadcast a "preferred network list" (PNL), which contains the SSIDs of access points to which they have previously connected and are willing to automatically reconnect without user intervention.[3][1] These broadcasts are not encrypted and hence may be received by any WiFi access point in range.[4][5] The KARMA attack consists of a rogue access point receiving this list and then adopting an SSID taken from the PNL,[3][6] thus becoming an evil twin of an access point already trusted by the client.[1]

Once that has been done, if the client receives the malicious access point's signal more strongly than that of the genuine access point (for example, if the genuine access point is nowhere nearby), and if the client does not attempt to authenticate the access point, then the attack should succeed. If the attack succeeds, the malicious access point becomes a man in the middle (MITM) for the client's traffic, which positions it to deploy further attacks against the victim device.[4]

What distinguishes KARMA from a plain evil twin attack is the use of the PNL, which allows the attacker to know, rather than simply to guess, which SSIDs (if any) the client will automatically attempt to connect to.[1]
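The defining trait described above, a single rogue access point answering for whichever SSIDs nearby clients have just probed for, is also the behaviour a wireless IDS can key on. The following monitor is an added example, not code from the article or any of its cited sources: it correlates probe requests with the probe responses and beacons that follow them and flags any BSSID that echoes back several distinct client-requested SSIDs within a short window. The frame records and MAC addresses are constructed sample data, and the `Frame` dataclass, thresholds and function names are assumptions of this example rather than anything the article specifies.

```python
"""Flag KARMA-style access points from observed 802.11 management frames.

A KARMA access point claims whatever SSIDs nearby clients ask for, so one
BSSID ends up responding for many unrelated SSIDs, each shortly after a
client probed for it. Honest multi-SSID APs advertise several names too,
so the signal used here is the correlation with preceding probe requests,
not the raw SSID count.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: float    # capture timestamp in seconds
    kind: str    # "probe_req", "probe_resp" or "beacon"
    src: str     # client MAC for probe_req, BSSID for probe_resp/beacon
    ssid: str    # "" denotes a wildcard (broadcast) probe request


# Constructed sample capture (not real traffic): two honest APs plus one
# BSSID (cc:cc:cc:00:00:09) that answers every SSID the clients probe for.
SAMPLE_FRAMES = [
    Frame(0.0, "beacon",     "aa:aa:aa:00:00:01", "HomeNet"),
    Frame(0.1, "probe_req",  "11:11:11:00:00:01", "CoffeeShop"),
    Frame(0.2, "probe_resp", "cc:cc:cc:00:00:09", "CoffeeShop"),
    Frame(0.3, "probe_req",  "22:22:22:00:00:02", "AirportFree"),
    Frame(0.4, "probe_resp", "cc:cc:cc:00:00:09", "AirportFree"),
    Frame(0.5, "probe_req",  "11:11:11:00:00:01", "HotelGuest"),
    Frame(0.6, "probe_resp", "cc:cc:cc:00:00:09", "HotelGuest"),
    Frame(0.7, "probe_req",  "33:33:33:00:00:03", "HomeNet"),
    Frame(0.8, "probe_resp", "aa:aa:aa:00:00:01", "HomeNet"),
    Frame(0.9, "probe_req",  "33:33:33:00:00:03", ""),            # wildcard probe
    Frame(1.0, "probe_resp", "bb:bb:bb:00:00:02", "OfficeWiFi"),
]


def detect_karma(frames, min_echoed=3, window=2.0):
    """Return {bssid: sorted SSIDs} for every BSSID that responded for at
    least `min_echoed` distinct SSIDs which a client had probed for within
    `window` seconds beforehand. Thresholds are assumed example values."""
    last_probe = {}                # ssid -> timestamp of the latest probe for it
    echoed = defaultdict(set)      # bssid -> SSIDs it answered after a probe
    for f in sorted(frames, key=lambda x: x.ts):
        if f.kind == "probe_req":
            if f.ssid:             # wildcard probes name no SSID, so nothing to echo
                last_probe[f.ssid] = f.ts
            continue
        if f.kind not in ("probe_resp", "beacon"):
            continue
        t = last_probe.get(f.ssid)
        if t is not None and 0.0 <= f.ts - t <= window:
            echoed[f.src].add(f.ssid)
    return {b: sorted(s) for b, s in echoed.items() if len(s) >= min_echoed}


if __name__ == "__main__":
    for bssid, ssids in detect_karma(SAMPLE_FRAMES).items():
        print(f"suspect KARMA AP {bssid}: echoed probed SSIDs {ssids}")
```

On the sample capture only `cc:cc:cc:00:00:09` is reported, since the honest AP `aa:aa:aa:00:00:01` answered a probe for the one SSID it actually serves. In practice the frames would come from a monitor-mode capture, and the threshold should be set above the number of SSIDs the site's legitimate multi-SSID access points announce.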

References

  1. "Instant KARMA Might Still Get You" (10 August 2015). insights.sei.cmu.edu. Retrieved 2019-03-03.
  2. "SensePost - Improvements in rogue ap attacks – mana 1/2". sensepost.com. Retrieved 2019-03-03.
  3. Wright, Joshua (5 March 2007). "Issues with SSID cloaking". Network World.
  4. "The WiFi Pineapple - Using Karma and DNSspoof to snag unsuspecting victims". Archived from the original on 2019-03-06. Retrieved 2019-03-03.
  5. "SANS security". professionalsecurity.co.uk. Retrieved 2019-03-03.
  6. Ethical Hacking and Countermeasures: Web Applications and Data Servers. Cengage Learning. 24 September 2009. ISBN 978-1435483620 (via Google Books).