• 7/18/2014

Insecure configuration of the eduroam WiFi:

TUM-access data can be read by Android

A warning issued by the German Research Network: unprotected user data due to the default <link http://www.dfn-cert.de/aktuell/Google-Android-Eduroam-Zugangsdaten.html>WiFi-configuration</link> for Android devices with versions 4.X. The TUM’s eduroam wireless network is affected by the configuration problem too. <br /><br />

Student with laptop
The eduroam Wi-Fi in Munich: very handy, but not without pitfalls. (Photo: Andreas Heddergott)

Here, the TUM-user name and password can be read out without the users noticing. Check your device’s “settings“ to check whether it has a vulnerable version installed. Depending on the manufacturer, you should be able to find the relevant information under menu items such as "About phone" / "About tablet" / " Phone info" or similar. If you are using a Samsung device, select the "Options" first to access the device information.

If you have Android 4.X installed, select the eduroam configuration-button to see whether "not specified" is selected for the CA certificate. If so, the necessary "Telekom Root CA certificate" is missing.

Important: protection by screen lock

If there is no active certificate, please proceed as described in this manual to install the "Telekom Root CA certificate ".

Note: In order to use certificates on an Android device, the device must be protected by a screen lock (PIN, pattern, etc.). If this is currently not the case, you will be prompted to set up a screen lock during the installation of the certificate. The lock can then only be disabled later if you delete all installed certificates.

The TUM’s IT-support can help

Eduroam is a free, campus-wide Wi-Fi network (also accessible in parts of the inner city) for all students. Click here for instructions on how to set up eduroam with earlier versions of Android or other operating systems.

If you have any questions or are unsure what to do, please feel free to contact our IT Support at it-supportspam prevention@tum.de

Technical University of Munich

Corporate Communications Center

Back to list