Thousands of University Wi-Fi Networks Expose Log-In Credentials
2021-09-30 11:29

A research team from WizCase, led by researcher Ata Hakçıl, reviewed 3,100 configurations of Eduroam at universities throughout Europe, finding that more than half of them have issues that can be exploited by threat actors.

Eduroam assigns students, researchers and faculty members log-in credentials that allow them to obtain internet connectivity across different institutions by using credentials from their own university.

"Any students or faculty members using Eduroam or similar EAP-based Wi-Fi networks in their faculties with the wrong configuration are at risk," researchers wrote in a report posted Wednesday.

While each institution provides resources and people to help keep Eduroam running, there is no centralized management for the network - either as a whole or at each university where the system is in place, researchers observed.

iOS devices aren't vulnerable to the issue because they don't allow connections to EAP networks without installing the EAP configuration file, which enforces the validity of the server-side certificate, researchers said.

Of the 3,100 Eduroam participating university configurations reviewed by WizCase, 2,100 scattered across Europe are potentially affected by the problem, researchers said.


News URL

https://threatpost.com/misconfiguration-university-wifi-login-credentials/175157/