The attack works against all modern protected Wi-Fi networks.
Depending on the network configuration, it is also possible to inject and manipulate data.
For example, HTTPS was previously bypassed in non-browser software, in Apple's i OS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.
Our main attack is against the 4-way handshake of the WPA2 protocol.
As a proof-of-concept we executed a key reinstallation attack against an Android smartphone.
This implies all these networks are affected by (some variant of) our attack.
For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES.
However, because messages may be lost or dropped, the Access Point (AP) will retransmit message 3 if it did not receive an appropriate response as acknowledgment.
As a result, the client may receive message 3 multiple times.
Therefore, any correct implementation of WPA2 is likely affected.