Message Decryption

Somewhat surprisingly, the ability to modify and inject packets also leads to ways the adversary can decrypt packets!
The adversary can not decrypt the packets himself, since he doesn't know k, and RC4 is a strong cipher
But the base station knows k
Perhaps the adversary can trick the base station into decrypting the packet, and telling him the result

It turns out he can, in quite a few different ways:
Double-encryption
IP Redirection
Reaction attacks