Configuration failure hits Wi-Fi at Brazilian and world universities
Date: 2021-10-26
A configuration failure in a Wi-Fi system used in universities around the world, including Brazil, can expose students, faculty and staff to theft of access credentials. The flaw lies in a system called Eduroam, which is administered collectively by the technology departments of the institutions themselves; they are also responsible for the signing protocols and the platforms necessary for the free network to work.
The flaw was discovered by WizCase researchers, led by Ata Hakçil. According to the team, the Android and Windows platforms are susceptible, while only users of iOS devices are immune to the flaw, which was found at the end of last year and is being revealed to the public only now, to give institutions time to make changes to their systems. In Brazil, the list includes names such as Unicamp, UFPR, UNIRIO, UFMT, Universidade de Brasília and more than two dozen others; 3,100 networks of this type around the world were analyzed, and more than half of the connections could be exploited by attackers due to a flaw in the certificate checking system.
When a fake network is created with a similar name and attributes, devices with automatic settings connect to it and transmit their data, believing they are connected to the real infrastructure of the university. More specifically, the vulnerability is in a system called EAP, or Extensible Authentication Protocol. It is what allows users, as in the case of Eduroam, to connect to Wi-Fi using their individual credentials rather than a universal network password, with the user's device transmitting their credentials in plain text in the last step of this check.
The problem is that, once logged onto the network, the systems indicated as vulnerable do not carry out further checks on the authenticity of the certificates unless the infrastructure itself requests it; otherwise, they end up relying on previously saved settings, which opens the door to the malicious Wi-Fi used in the attack. In many cases, even warnings that such features are out of date or not accepted are ignored by users, who do not know what the warning means or are used to seeing such error messages in universities without them posing any danger.
According to WizCase, iOS is not vulnerable to the attack, as it performs a server certificate check on each connection and does not allow the connection to complete if anything is out of the ordinary. Experts say this check is a feature that network administrators can configure across the whole network to prevent theft of user data, but it also ends up being left out because Eduroam's configuration manuals do not specifically call for it. Another recommendation is to use the MSCHAPv2 protocol, which transmits user credentials in hashed form, precisely to limit the impact of any network vulnerabilities. In these cases, attackers could still obtain the data, but in a format that is of no use to them and without putting the information of those involved in danger.
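An added example, not from WizCase or Eduroam: a small Python audit of a client Wi-Fi profile that flags the two weaknesses described above, a missing server certificate check and a plain-text inner method in place of MSCHAPv2. It assumes the profile is in wpa_supplicant's `network={...}` format, which the article does not name; the sample profile, file path and host names are constructed.

```python
import re
# Constructed sample wpa_supplicant.conf, not taken from any real institution.
SAMPLE_CONF = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=PAP"
}
network={
    ssid="eduroam-hardened"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/uni-example-ca.pem"
    domain_suffix_match="radius.uni.example"
    phase2="auth=MSCHAPV2"
}
'''

# Any one of these ties the certificate to the expected RADIUS server name.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(conf):
    """Return one dict of settings per network={...} block."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\n\s*\}", conf, re.S):
        settings = {}
        for line in body.splitlines():
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                settings[key.strip()] = value.strip().strip('"')
        networks.append(settings)
    return networks

def audit(conf):
    """Map each 802.1X SSID to the weaknesses found in its profile."""
    report = {}
    for net in parse_networks(conf):
        if "EAP" not in net.get("key_mgmt", ""):
            continue  # not a WPA-EAP (802.1X) network
        issues = []
        if not net.get("ca_cert"):
            issues.append("no ca_cert: server certificate is not validated")
        if not any(net.get(k) for k in NAME_CHECKS):
            issues.append("no server name match: certificate not tied to the RADIUS server")
        if re.search(r"\bauth=PAP\b", net.get("phase2", ""), re.I):
            issues.append("inner method PAP: password sent unhashed to the server")
        report[net.get("ssid", "?")] = issues
    return report
```

Calling `audit(SAMPLE_CONF)` returns three findings for the first profile and none for the second.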
In response to the experts, Eduroam said it works with institutions that do not follow the security policies in configuring the network, a behavior it considers unacceptable. However, the organization did not say whether it would change manuals or indicators, nor did it confirm whether the institutions indicated by the study would be notified to change the verification parameters of their wireless networks. Potentially affected users are advised to change the passwords used to access university systems, as well as other platforms that share the same credentials. It is also worth keeping an eye out for unauthorized connections or uses of your own account by third parties, and being suspicious of messages sent by e-mail or containing links or application downloads.
Source: WizCase