The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Andre Forigato <andre.forigato AT rnp.br>]

Eduroam vs Security


Hello All,


I need to share information about the safety of Eduroam.

If a hacker installs an access point with the name of Eduroam, and this 
access point points to a Freeradius server, it is possible that the malicious 
person sees all the logins and passwords in the Freeradius logs.

How to avoid this situation? Should user institutions force their students to 
use personal certificates? (certificate issued by the institution itself to 
its students)

Reaffirming that the idea here is how to make users of university 
institutions not fall into the trap of malicious people. Anyone can set up an 
access point pointing to a fake freeradius server. And these malicious people 
can get the username and password from all the devices that connect to the 
Eduroam access point.

How can we solve this problem?

Att,
André Luis Forigato