Is the Karma attack still relevant today?

Question

I tried replicating the Karma attack and it does not work on my iphone5s and galaxy s6. Even when the phones send out directed probe requests and the Rouge AP responds with the appropriate probe responses, the phones just ignore them and refuse to connect. I have also heard that most of the devices have already been patched to defend against this attack since this attack was introduced more than 10 years ago.

This makes me wonder, are there any devices out there that are still vulnerable to this attack? Or has this attack become a thing of the past? (To be clear, I am talking about the attack where client devices automatically respond to probe responses and associate with the Rouge AP, not where the user mistakens the Rogue AP for the legitimate one and chooses to join it manually.)

"_more than 10 years_" for an attack? – dandavis May 09 '17 at 03:56 — dandavis, May 09 '17 at 03:56

score 4 · Answer 1 · answered May 11 '17 at 18:19

It's still very much relevant. I took a KARMA device with me to lunch today and 76 different devices attempted to connect to it. Those are actual connection attempts, and not just probes. I have MAC address whitelisting enabled, so nothing will successfully connect, but I'll know when they try.

Most OS vendors appear to have addressed the most obvious vulnerability where they'll probe-and-connect upon bootup or turning on wireless. However, any current OS can be made vulnerable to KARMA if it's ever connected to an open network that doesn't broadcast its SSID. Alternatively, if an attacker is in radio range, there are a number of ways that a user can be kicked off of an unencrypted network that will cause them to join the KARMA attacker's network instead.

Out of the 76 devices that attempted to connect to me, I have no way of knowing which are running old indeed-vulnerable operating systems, or which have been configured to be KARMA-vulnerable, or if there was another attacker or radio anomaly nearby.

Can you recommend a software package for people who want to try themselves? — Elias, Aug 22 '17 at 09:15

score 0 · Answer 2 · answered Aug 22 '17 at 09:10

To complement Will's answer, no attack will always be too old. Most attack and security issues will have potentially at least one device that can be exposed. KARMA is one case, where users use out-dated or old devices that can be affected by the vulnerability. (Will described its ins and outs). There will always be old systems that can be exploited. While it might not affect most user masses, it is always one way or another way important to keep in mind.

Is the Karma attack still relevant today?

2 Answers2