After watching the fabulous video, here's what I think I learned... (There's the mention that other OSes have "other attack vectors", but if this is the worst, well, it's a lot more trouble than starting Firesheep...)
https://www.youtube.com/watch?v=Oh4WURZoR98&t=56s
YouTube Mathy Vanhoef
KRACK Attacks: Bypassing WPA2 against Android and Linux
- Clones network on different channel
- then it only works on "improperly configured websites", like uk.match.com
https://www.youtube.com/watch?v=Oh4WURZoR98&t=1m11s
Quote:
"we make sure the victim can access the internet through our malicious network"
- Course I'm assuming this YouTube dude knows what he's talking about
- Might be paper author?
- here's the real trouble:
https://www.youtube.com/watch?v=Oh4WURZoR98&t=1m52s
Quote:
Hacking app has to start "sending special Wi-Fi frames that can command Android to connect to a different channel", which is the OS-specific side of the vulnerability for Linux and Android.
- ^ And there's your issue. :wink: So not super simple, but not a copper wire tap either
And even then, you'll lose the HTTPS badge in your browser when you're on those "improperly configured sites". Not good, but not a wide-open Heartbleed either, if I understand it correctly.