In this demonstration, the attacker is able to decrypt all data that the victim transmits.
For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher.
Our detailed research paper can already be downloaded.
As a proof-of-concept we executed a key reinstallation attack against an Android smartphone.
Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.
This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.
The attack works against all modern protected Wi-Fi networks.
Currently, all modern protected Wi-Fi networks use the 4-way handshake.
The client installs the encryption key after receiving message 3 of the 4-way handshake.
Once the key is installed, it will be used to encrypt normal data frames using an encryption protocol.
By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged.
The same technique can also be used to attack the group key, Peer Key, TDLS, and fast BSS transition handshake.
When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. Unfortunately, we found this is not guaranteed by the WPA2 protocol.
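To make the effect of a key reinstallation concrete, the following is an added toy model (not code from the KRACK page or its authors). It replaces the real CCMP cipher with an HMAC-derived keystream, which is only a stand-in that shares the one property that matters here: the keystream is a pure function of (key, packet number). It contrasts a client that resets its packet number on every message 3 with a hardened client that ignores a repeated installation of the same key, the mitigation hinted at by the text.

```python
import hashlib
import hmac


def keystream(ptk: bytes, pn: int, length: int) -> bytes:
    # Stand-in for a CCMP/GCMP-style per-packet keystream (constructed with
    # HMAC-SHA256; NOT AES-CCMP). Same (ptk, pn) always yields the same bytes.
    nonce = pn.to_bytes(6, "big")
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(ptk, nonce + ctr.to_bytes(2, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    def __init__(self, reject_reinstall: bool):
        self.reject_reinstall = reject_reinstall  # True = hardened behaviour
        self.ptk = None
        self.tx_pn = 0  # incremental transmit packet number (the nonce)

    def on_message3(self, ptk: bytes) -> None:
        # Message 3 carries the key to install; a retransmitted message 3
        # (e.g. when message 4 was lost) reaches this handler again.
        if self.reject_reinstall and self.ptk == ptk:
            return  # key already installed: keep the nonce state untouched
        self.ptk = ptk
        self.tx_pn = 0  # installing the key resets the packet number

    def send(self, plaintext: bytes):
        self.tx_pn += 1
        return self.tx_pn, xor(plaintext, keystream(self.ptk, self.tx_pn, len(plaintext)))


def simulate(reject_reinstall: bool) -> dict:
    ptk = b"\x11" * 16  # constructed sample key
    pt1, pt2 = b"first frame, secret", b"second frame, other"
    c = Client(reject_reinstall)
    c.on_message3(ptk)
    pn1, ct1 = c.send(pt1)
    c.on_message3(ptk)  # retransmitted message 3 triggers a reinstallation
    pn2, ct2 = c.send(pt2)
    return {"pn": (pn1, pn2), "ct": (ct1, ct2), "pt": (pt1, pt2)}


def keystream_reused(result: dict) -> bool:
    # With a reused (key, nonce) the keystream cancels: ct1 ^ ct2 == pt1 ^ pt2.
    ct1, ct2 = result["ct"]
    pt1, pt2 = result["pt"]
    return xor(ct1, ct2) == xor(pt1, pt2)
```

The vulnerable client sends both frames under packet number 1, so the two ciphertexts XOR to the XOR of the plaintexts; the hardened client keeps counting and the property disappears.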