How does the perpetrator gain access to a network?
He does not. The flaw is client side, it tricks a client into connecting to a rogue network transparently.
Specifically does the flaw enable them access to any wireless network secured by WPA2 or do they need to be already granted access to the network to perpetrate this attack?
This flaw doesn't cover those "use case".
Is this network access or just data collection from an unpatched device?
If the attacker perpetrate the attack successfully he has:
- His own network that's a spoofed version of your network and that he is the master of
- Your clients (smartphone, computer) connected to it thinking they are connected to your own original network
From then he can do a lot of things to your client.
If one patches all the wireless clients does this address the issues from practical perspective?
Yes, that's exactly what you need to do.
As this is a wireless issue, do the patches\fixes for this impact non-wireless devices like my PC-Engines ALIX?
This is purely a Wireless issue, if your client does not use wireless there's nothing to worry about.
Why or how does this impact IoT devices on a home network?
Oh boy! Welcome to 2017 when you need to patch your lightbulbs because they're also affected!
I don’t really know how these devices work under the covers, but (based up on the match.com video) if one has already configured creds to say Netflix on a smart TV are these sent each time I request a video and thus available to the hacker?
It depends on the device really, you have to hope they are using secure encrypted connections to the different servers used with proper HSTS and be resistant to SSL striping attacks.
What about other devices like smart locks?
Every. Single. Wi-Fi. Device. Is. Affected. And needs to be patched.
I realize this is a problem which should get patched, but it sounds like it may not be possible to patch some devices at all.
Welcome to the Internet of Shit!