Critical Security Recommendation for eduroam to Mitigate Evil Twin Attacks
A couple weeks ago, our new Program Manager for Identity and Access Management, Rafal Lawrukiewicz, sent an email highlighting the necessity of the eduroam Configuration Assistant Tool (CAT), and how it mitigates against man-in-the-middle attacks such as the “Evil Twin”.
The eduroam Configuration Assistant Tool is designed to automatically configure a device for eduroam use. It allows you, as the eduroam provider, to generate branded, language specific eduroam installers for various platforms, and ensure your users are protected from rogue Wi-Fi hotspots.
Due to the broad availability and variety of new hacking tools, an individual with a modest amount of technical skill can execute man-in-the-middle attacks on Wi-Fi networks. It’s now more important than ever to ensure that users on eduroam networks are secure.
We’ve outlined our recommendations for addressing this Wi-Fi vulnerability and further details on how an “Evil Twin” attack works on the eduroam network through this link.
eduroam CAT Quick Facts:
- Configuration takes less than 1 hour of effort, and significantly improves your organization’s security posture (and we’re here to help)
- Launching the profile does not affect your existing eduroam users and no proxy reconfiguration is required
- CAT can improve security for your new cohort
- Installing the profile prevents mobile devices from negotiating with rogue access points, completely protecting personal identifiable information (PII) and the password hash
- The CAT Profile simplifies the roaming experience, removing the need for username and password entry
- The profile offers a seamless and secure Wi-Fi roaming experience that leverages security best practices and standards
If you have any question, please reach out to us directly at firstname.lastname@example.org.
Featured Case Study: City of Mississauga
The City of Mississauga leveraged eduroam to provide a city-wide “virtual campus.” In this case study we look at why eduroam was adopted by Mississauga and how it has impacted the population of the city.
Spotlight: WBA OpenRoaming
Wireless Broadband Alliance – WBA OpenRoaming Opens the Door to Create One Global Wi-Fi Network
The Wireless Broadband Alliance (WBA) is an organization based in Singapore that has one goal in mind: Unite the world under a single global wireless ecosystem.
OpenRoaming is an open framework designed by the WBA to enable Wi-Fi providers to offer seamless movement between different wireless networks, while strengthening scalable and enhanced security for all users. Ultimately, OpenRoaming would like wireless access to be like the cellular roaming experience.
Several large companies such as Cisco, Broadcom, and AT&T have joined the WBA and are supporting these new OpenRoaming™ standards and policies.
Eduroam is a founding member of the Wireless Broadband Alliance ensuring that the needs of research and education are expressed. Many OpenRoaming™ concepts are eduroam inspired and if you are exploring OpenRoaming™, please don’t hesitate to reach out at email@example.com to help ensure a smooth integration with your current eduroam deployment.