KARMA attack

In information security, KARMA is an attack that exploits a behaviour of some Wi-Fi devices, combined with the lack of access point authentication in numerous WiFi protocols. It is a variant of the evil twin attack.^[1] Details of the attack were first published in 2004 by Dino dai Zovi and Shaun Macaulay.^[2]

Vulnerable client devices broadcast a "preferred network list" (PNL), which contains the SSIDs of access points to which they have previously connected and are willing to automatically reconnect without user intervention.^[3]^[1] These broadcasts are not encrypted and hence may be received by any WiFi access point in range.^[4]^[5] The KARMA attack consists in an access point receiving this list and then giving itself an SSID from the PNL,^[3]^[6] thus becoming an evil twin of an access point already trusted by the client.^[1]

Once that has been done, if the client receives the malicious access point's signal more strongly than that of the genuine access point (for example, if the genuine access point is nowhere nearby), and if the client does not attempt to authenticate the access point, then the attack should succeed. If the attack succeeds, then the malicious access point becomes a man in the middle (MITM), which positions it to deploy other attacks against the victim device.^[4]

What distinguishes KARMA from a plain evil twin attack is the use of the PNL, which allows the attacker to know, rather than simply to guess, which SSIDs (if any) the client will automatically attempt to connect to.^[1]

References

↑ ^1.0 ^1.1 ^1.2 ^1.3 Instant KARMA Might Still Get You. "Instant KARMA Might Still Get You". https://insights.sei.cmu.edu/cert/2015/08/instant-karma-might-still-get-you.html.
↑ "SensePost - Improvements in rogue ap attacks – mana 1/2". https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1/2/.
↑ ^3.0 ^3.1 Wright, Joshua (5 March 2007). "Issues with SSID cloaking". https://www.networkworld.com/article/2295949/issues-with-ssid-cloaking.html.
↑ ^4.0 ^4.1 "The WiFi Pineapple - Using Karma and DNSspoof to snag unsuspecting victims". https://scotthelme.co.uk/wifi-pineapple-karma-dnsspoof/.
↑ "SANS security". https://www.professionalsecurity.co.uk/news/interviews/wi-fi-network-connection-weakness/.
↑ Ethical Hacking and Countermeasures: Web Applications and Data Servers. Cengage Learning. 24 September 2009. ISBN 978-1435483620. https://books.google.com/books?id=QWQRSTnkFsQC&q=karma&pg=SA2-PA24.

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/KARMA attack. Read more

[cmu-1] 1.0 ^1.1 ^1.2 ^1.3 Instant KARMA Might Still Get You. "Instant KARMA Might Still Get You". https://insights.sei.cmu.edu/cert/2015/08/instant-karma-might-still-get-you.html.

[2] "SensePost - Improvements in rogue ap attacks – mana 1/2". https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1/2/.

[nw-3] 3.0 ^3.1 Wright, Joshua (5 March 2007). "Issues with SSID cloaking". https://www.networkworld.com/article/2295949/issues-with-ssid-cloaking.html.

[sh-4] 4.0 ^4.1 "The WiFi Pineapple - Using Karma and DNSspoof to snag unsuspecting victims". https://scotthelme.co.uk/wifi-pineapple-karma-dnsspoof/.

[5] "SANS security". https://www.professionalsecurity.co.uk/news/interviews/wi-fi-network-connection-weakness/.

[ehcm-6] Ethical Hacking and Countermeasures: Web Applications and Data Servers. Cengage Learning. 24 September 2009. ISBN 978-1435483620. https://books.google.com/books?id=QWQRSTnkFsQC&q=karma&pg=SA2-PA24.

[1]

[2]

[3]

[4]

[5]

[6]

Anonymous

Search

KARMA attack

Namespaces

More

Page actions

See also

References

Navigation

Navigation

Help

Translate

Wiki tools

Wiki tools

Anonymous

Search

KARMA attack

See also

References

Navigation

Wiki tools

Page tools

Other projects

Categories