Dell has apologized for its latest scandal, admitting that a root certificate installed on its laptop computers was a bad idea. The company is now putting all of its efforts into completely removing it.
Dell Apologizes For Installing Security Holes on Laptops
In a blog post, company representative Laura Thomas says eDellRoot was installed as a support tool to make it faster and easier for customers to service the devices. However, several of those customers discovered the certificate and identified it as a serious security threat.
The blog post says that the company has posted instructions for permanently removing the certificate from your system. Dell will also push a software update starting on November 24 that will look for the certificate and, if found, remove it. Commercial clients who reimaged their systems without Dell Foundation Services are not affected by this issue. In addition, the certificate will be removed from all Dell systems moving forward. The post did not specify which models from which years may or may not have this security hole.
The Certificate Makes Man-in-the-Middle Attacks Easier
The issue, according to developer Kevin Hicks, a Dell customer who uncovered it, is that the certificate could be used to sign malicious code, certifying that it is safe to download when it is not. A network attacker can use this CA to sign his or her own fake certificates for genuine websites, and an affected Dell user would have no idea unless they were actively checking the certificate.
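A check an administrator could run to see whether a machine trusts this certificate, as an added example that is not Dell's removal tool or code from the original article. It matches on the subject name eDellRoot, the only identifier the article gives; the function name, the list of stores and the private-key heuristic (flagging any trusted root whose private key sits on the same machine, a more general check than the article's single case) are assumptions of this example.

```powershell
# Added example: audit Windows certificate stores for eDellRoot (detection only).
# 'eDellRoot' is the only identifier taken from the article; no thumbprint is given there.
$SubjectPattern = 'eDellRoot'

# The Root stores decide which CAs the machine trusts. The personal (My) stores
# are included in case a copy of the certificate was also placed there.
$StorePaths = @(
    'Cert:\LocalMachine\Root',
    'Cert:\CurrentUser\Root',
    'Cert:\LocalMachine\My',
    'Cert:\CurrentUser\My'
)

function Find-SuspectRootCertificate {   # hypothetical helper name
    param(
        [string[]]$Path,
        [string]$Pattern
    )
    foreach ($store in $Path) {
        if (-not (Test-Path -Path $store)) { continue }
        foreach ($cert in Get-ChildItem -Path $store) {
            $nameMatch = ($cert.Subject -match $Pattern) -or ($cert.Issuer -match $Pattern)
            # Heuristic (assumption of this example): a trusted root should not
            # have its private key stored on the machine that trusts it.
            $rootWithKey = ($store -like '*\Root') -and $cert.HasPrivateKey
            if ($nameMatch -or $rootWithKey) {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey
                    Reason        = $(if ($nameMatch) { 'name matches pattern' }
                                      else { 'trusted root with local private key' })
                }
            }
        }
    }
}

$findings = @(Find-SuspectRootCertificate -Path $StorePaths -Pattern $SubjectPattern)
if ($findings.Count -eq 0) {
    Write-Output "No certificate matching '$SubjectPattern' and no trusted root with a local private key."
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A hit on the heuristic alone is a prompt to look at who issued the certificate, not proof of a problem.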
Users Found the Certificate By Accident
Hicks says he found the certificate by chance while working on something else entirely. Hicks and others who discovered eDellRoot say its possible effect is similar to that of Superfish, the adware that was installed on new Lenovo computers earlier this year. Superfish proxied HTTPS connections to websites, making it a possible point for attackers to carry out man-in-the-middle attacks against the affected machines.