The idea behind eduroam (short for education roaming) is simple, yet brilliant: students and members of staff who spend a certain period of time at another university are able to use their home university’s login data to log into the Wi-Fi network of the university they are visiting – this saves time and effort, because there’s no need to apply for guest access.
But any new technology will sooner or later attract hackers. This is also the case with eduroam. Here, the attacker uses a laptop and a radio antenna to set up a fake access point; this enables him to find out password and user name.
“If an attacker reads those data, he will gain access to many university services, including the user’s email account,” said Christina Pöpper, who has been heading the work group Information Security since 2013.
Fifty per cent of the tested devices vulnerable
She and her colleagues performed spot checks to identify how many devices at RUB are not sufficiently protected. In 2015 it turned out that almost 50 percent of the 1,275 tested devices were vulnerable to attacks, pretty much like in the previous year.
“The eduroam system is well thought-out,” said the researcher. “However, it is based on the idea that users carry out all relevant installations on their devices. They constitute the best protection from attacks – provided they are performed correctly.”
What kind of installations and how to run them need to explained on the computer center web pages.