Missing root certificate on Android
Posted on January 25, 2016 by Julian Biendarra ‐ 1 min read
Heise and other media recently reported a security vulnerability under Android that has probably been known for quite some time. Android users who use the eduroam WLAN network should install Telekom’s root certificate, otherwise their device will connect to any access point called eduroam without checking. This way, attackers can use a fake access point to spy out the username and password of the LRZ identifier.
If you have an Android smartphone or tablet, you can download the root certificate from the LRZ pages: www.lrz.de/fragen/faq/wlan/. Afterwards you can store it in the WLAN settings for eduroam.
Tip: If you normally use Firefox, you should use e.g. Chrome, because Firefox has its own certificate store and will tell you that the certificate is already installed.