[cm2187]

Also doesn't it require the attacker to have access to your wifi already? If that's the case, it's a hazard for connecting in a Starbucks or on your mobile service wifi, but you would be safe on your home or corporate wifi (unless the attacker is a colleague or relative!).

[danilocesar]

> Also doesn't it require the attacker to have access to your wifi already?

No it doesn't. Watch the video. It creates a clone of your network and tricks the victim's software stack to connect into it.

[makomk]

Nope. The man-in-the-middle attack it uses involves forwarding and replaying encrypted packets without decrypting the contents, so all it requires is that the attacker be within range of your wifi; they don't need any of your keys or passphrases.

[snerbles]

Totally safe, until your local war-driver sniffs out your insecure device and comes back at two in the morning to upload illegal content via your ISP.

[ibmthrowaway218]

Except the attack doesn't get you access to their wireless network. It allows you to redirect someone from their wireless network to your own (spoofed) wireless network and then you can snoop the traffic.

[lightedman]

If it works in one way what reason is there to think it won't work the opposite direction? This flaw is in the protocol itself.

[blurbleblurble]

You're freaking me out with that scenario