* 4-way handshake nonce reuse attack
* does NOT allow recovery of WIFI password or 4-way handshake negotiated encryption key (except for linux/android which can be tricked into using all-zero encryption key--lolz)
* does allow the attacker to perform a full MITM attack on a Wi-Fi connected client
* no access point patch can fix this, EVERY client device that connects to WiFi needs to be patched
Finally, we confirmed our findings in practice, and found that every Wi-Fi device is vulnerable to some variant of our attacks. Notably, our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key.
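The two client-side defects the bullets and the quoted abstract describe (a reinstalled key resetting the packet counter so a nonce repeats, and an all-zero key being accepted) can be modelled without any Wi-Fi hardware. The following is an added illustration, not code from the original post or from the KRACK paper or its authors. It uses a stand-in CTR-style keystream built from SHA-256 in place of the real CCMP cipher, a constructed session key, and constructed frame payloads; the names `ClientCrypto`, `install_key`, `key_reinstallation_trial` and `accepts_key` are all assumptions for the demonstration. It shows why a reused nonce under the same key lets an observer cancel the keystream (ciphertext XOR equals plaintext XOR), and what the two client fixes look like: refuse to reinstall an already-installed key, and refuse an all-zero key.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in CTR-style keystream: SHA-256(key || nonce || block counter).
    This is NOT CCMP/AES; it only reproduces the property that matters here:
    the same (key, nonce) pair always yields the same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class ClientCrypto:
    """Toy model of a client's session key state (hypothetical class).
    The packet number is the per-frame nonce; it must never repeat under one key."""
    reject_reinstall: bool = True          # True models a patched client
    installed_key: Optional[bytes] = None
    packet_number: int = 0

    def install_key(self, key: bytes) -> bool:
        """Install a key. Returns True if the key (and counter) were (re)set."""
        if not any(key):
            # Fix for the all-zero key problem: never install a zero key.
            raise ValueError("refusing to install an all-zero key")
        if self.reject_reinstall and key == self.installed_key:
            # Fix for key reinstallation: the key is already in use, so a
            # replayed handshake message must not reset the packet number.
            return False
        self.installed_key = key
        self.packet_number = 0
        return True

    def encrypt(self, plaintext: bytes) -> Tuple[bytes, bytes]:
        """Encrypt one frame; returns (nonce, ciphertext)."""
        if self.installed_key is None:
            raise RuntimeError("no key installed")
        nonce = self.packet_number.to_bytes(6, "big")
        self.packet_number += 1
        return nonce, xor(plaintext, keystream(self.installed_key, nonce, len(plaintext)))


def key_reinstallation_trial(reject_reinstall: bool) -> dict:
    """Send one frame, offer the same key again (as a replayed handshake message
    would), send a second frame, and report whether the nonce repeated and
    whether the two ciphertexts now leak the XOR of the two plaintexts."""
    key = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")   # constructed session key
    p1 = b"first data frame sent by the client"               # constructed payloads
    p2 = b"second data frame after reinstall"
    client = ClientCrypto(reject_reinstall=reject_reinstall)
    client.install_key(key)
    n1, c1 = client.encrypt(p1)
    reinstalled = client.install_key(key)                      # same key offered again
    n2, c2 = client.encrypt(p2)
    return {
        "reinstalled": reinstalled,
        "nonce_reused": n1 == n2,
        # If the keystream repeats it cancels out: c1 ^ c2 == p1 ^ p2.
        "plaintext_xor_leaks": xor(c1, c2) == xor(p1, p2),
    }


def accepts_key(key: bytes) -> bool:
    """True if a fresh client would install this key; False if it is rejected."""
    try:
        return ClientCrypto().install_key(key)
    except ValueError:
        return False


if __name__ == "__main__":
    print("unpatched:", key_reinstallation_trial(reject_reinstall=False))
    print("patched:  ", key_reinstallation_trial(reject_reinstall=True))
    print("all-zero key accepted:", accepts_key(bytes(16)))
```

Run it and the unpatched trial reports the nonce reused and the plaintext XOR exposed, while the patched trial reports no reinstall and no leak; the zero-key probe returns False. The point of the model is the one the bullets make: the fix lives in the client's key-install path, not in the access point, which is why every client needs the patch.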