engleski

How secure is eduroam?

In this talk we give a detailed desription of security flaws when using the SSL/TLS security protocol in wireless access networks, with special emphasis on the SSL/TLS problem in WPA2 Entrprise networks. Specifically, in the WPA2 Enterprise Network, such as the exmaple of eduroam network, users fail to configure network settings in a client application, where esentially the client does not verify the SSL/TLS certificate. As a result, the attacker with the fake access point can easily reveal user's credentials. Within this talk, tests have been made to confirm the configuration configuration of client applications when connecting to eduroam WiFi network. Namely, out of a total of 800 users, as many 400 have not correctly configured a client application, which as a result can have far greater implications than just stealing a username and password when attempting to join eduroam.

eduroam, WiFi security, privacy

nije evidentirano