Thousands of University Wi-Fi Networks Expose Log-In Credentials

guest · Sep 30, 2021

Thousands of University Wi-Fi Networks Expose Log-In Credentials
Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users
September 30, 2021
https://threatpost.com/misconfiguration-university-wifi-login-credentials/175157/

Multiple configuration flaws in a free Wi-Fi network used by numerous universities can allow access to usernames and passwords of students and faculty who connect to the system from Android and Windows devices, researchers have found.

A research team from WizCase, led by researcher Ata Hakçıl, reviewed 3,100 configurations of Eduroam at universities throughout Europe, finding that more than half of them have issues that can be exploited by threat actors. The misconfiguration danger could extend to other organizations globally as well, they added.
Click to expand...

Specifically, researchers discovered flaws in the implementation of the Extensible Authentication Protocol (EAP) that Eduroam uses, which provides different stages of authentication as people connect to the network. Some of those authentication phases aren’t configured properly in some universities, opening security holes, they said.

“Any students or faculty members using Eduroam or similar EAP-based Wi-Fi networks in their faculties with the wrong configuration are at risk,” researchers wrote in a report posted Wednesday.
Click to expand...

WizCase: Universities’ Security Blindspot on Global Free WiFi Network Leaves Faculty and Student Usernames and Passwords Exposed to Hackers

WizCase’s security team, led by Ata Hakçıl has discovered a major security issue affecting the users of WiFi provider eduroam. Eduroam provides free WiFi connections at participating institutions assigning student, researcher, or faculty login credentials.
Each institution gives time, manpower, and other resources to help keep eduroam running.

Unfortunately, since there is no one person in charge of maintaining the system in each university, a simple misconfiguration could make it the target of hackers who would be able to spoof the network and capture users’ login IDs and passwords — potentially giving them access to confidential or personal information, and more.
Click to expand...

Log in or Sign up

Thousands of University Wi-Fi Networks Expose Log-In Credentials

guest Guest

Log in or Sign up

Thousands of University Wi-Fi Networks Expose Log-In Credentials

guest Guest

Useful Searches