In information security, a KARMA attack is an attack that exploits a behaviour of some Wi-Fi devices, combined with the lack of access point authentication in numerous Wi-Fi protocols.[1]
Details of the attack were first published in 2004 by Dino Dai Zovi and Shane Macaulay.[2]
Vulnerable client devices broadcast a "preferred network list" (PNL), which contains the SSIDs of access points to which they have previously connected and to which they are willing to reconnect automatically without user intervention.[3][1]
These broadcasts are not encrypted and hence may be received by any Wi-Fi access point in range.[4][5]
The KARMA attack consists of an access point receiving this list and then giving itself an SSID from the PNL,[3][6] thus becoming an evil twin of an access point already trusted by the client.
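The following monitoring sketch is an added example, not part of the original article. It reads the unencrypted probe requests to list which SSIDs each client discloses, then flags any single BSSID that answers for several of those probed SSIDs. Assumptions: frames are raw 802.11 management frames with the radiotap header and FCS already stripped, probe responses follow the probes they answer in the capture, and the function names, the threshold of 2 and all sample MAC addresses and SSIDs are constructed for illustration.

```python
from collections import defaultdict

PROBE_REQ, PROBE_RESP = 0x40, 0x50  # frame-control byte 0: management subtype 4 / 5

def ssid_of(tags):
    """Walk the tagged parameters; return the SSID element (ID 0) or None."""
    i = 0
    while i + 2 <= len(tags) and i + 2 + tags[i + 1] <= len(tags):  # stop if truncated
        eid, length = tags[i], tags[i + 1]
        if eid == 0:
            return tags[i + 2:i + 2 + length].decode("utf-8", "replace")
        i += 2 + length
    return None

def analyze(frames, threshold=2):
    """Return (SSIDs each client leaked, BSSIDs that answered >= threshold of them)."""
    leaked = defaultdict(set)       # client MAC -> SSIDs seen in its directed probes
    answered = defaultdict(set)     # BSSID -> probed SSIDs it claimed in responses
    for f in frames:
        if len(f) < 24:             # shorter than an 802.11 management header
            continue
        fc, src, bssid = f[0], f[10:16].hex(":"), f[16:22].hex(":")
        if fc == PROBE_REQ:
            ssid = ssid_of(f[24:])
            if ssid:                # empty SSID is a wildcard probe, leaks nothing
                leaked[src].add(ssid)
        elif fc == PROBE_RESP:
            ssid = ssid_of(f[36:])  # skip timestamp, beacon interval, capabilities
            if ssid and any(ssid in s for s in leaked.values()):
                answered[bssid].add(ssid)
    suspects = {b: s for b, s in answered.items() if len(s) >= threshold}
    return dict(leaked), suspects

def frame(fc, dst, src, bssid, ssid, fixed=b""):
    """Build a constructed test frame (no radiotap header, no FCS)."""
    hdr = bytes([fc, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return hdr + fixed + bytes([0, len(ssid)]) + ssid.encode()

# Constructed capture: one client, one honest AP, one AP claiming every probed SSID.
BCAST, CLIENT = b"\xff" * 6, bytes.fromhex("020000000001")
HOME_AP, ROGUE = bytes.fromhex("020000000010"), bytes.fromhex("020000000066")
SAMPLE = [
    frame(PROBE_REQ, BCAST, CLIENT, BCAST, "HomeNet"),
    frame(PROBE_REQ, BCAST, CLIENT, BCAST, "CoffeeShop"),
    frame(PROBE_REQ, BCAST, CLIENT, BCAST, ""),
    frame(PROBE_RESP, CLIENT, HOME_AP, HOME_AP, "HomeNet", b"\x00" * 12),
    frame(PROBE_RESP, CLIENT, ROGUE, ROGUE, "HomeNet", b"\x00" * 12),
    frame(PROBE_RESP, CLIENT, ROGUE, ROGUE, "CoffeeShop", b"\x00" * 12),
]
```

The first returned mapping doubles as an audit of a managed device: any SSID listed there is one the device announces in the clear and would rejoin automatically.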