Dell Laptops Are Shipping With Certificate Vulnerability
Computer company Dell has admitted that it unwittingly built a serious security flaw into the computers it was selling.
The certificate, called eDellRoot, causes affected computers to trust any SSL certificate signed with it. “Dell’s corporate customers need to panic”.
“Each application we pre-load undergoes security, privacy and usability testing to ensure that our customers experience the best possible computing performance, faster set-up and reduced privacy and security concerns”, the company stated in its ad.
A classic example of a man-in-the-middle attack is a criminal in a cafe waiting for an affected Dell machine to log on to the public Wi-Fi network.
Security experts have warned that attackers could easily clone the certificate by using hacker tools to extract the private key shipped with it. With that key they could impersonate any HTTPS-protected website, or Dell itself, which would enable them to steal personal data, install data-stealing malware, or hijack the PC as part of a botnet.
The attackers could then intercept all the web traffic on the targeted device and read it, store it or even modify it. This includes both encrypted and unencrypted traffic.
Security researchers and Dell advised users to delete the Dell.
Attackers could also use the eDellRoot private key to generate certificates that could be used to sign malware files. Malicious system drivers signed with such a rogue certificate would also bypass the driver signature verification in 64-bit versions of Windows.
Dell’s security misstep parallels PC manufacturer Lenovo’s acknowledgement earlier this year that it had been preinstalling Superfish adware on many of its PCs, and that the bloatware was installing a root certificate that could likewise be used to intercept communications and launch man-in-the-middle attacks against users (see Time to Ban the “Bloatware”).
The certificate, named eDellRoot, is pre-installed on Dell laptops: the Inspiron 5000, XPS 15 and XPS 13 models. It is understood that Dell is now investigating this new vulnerability. The certificate has also been found on at least one older machine: a Dell Venue Pro 11 tablet dating from April.
Researchers from security firm Duo Security found a second eDellRoot certificate with a different fingerprint on 24 systems scattered around the world. Most surprisingly, one of those systems appears to be part of a SCADA (Supervisory Control and Data Acquisition) set-up, like those used to control industrial processes.
Other users also reported the presence of another certificate called DSDTestProvider on some Dell computers.
To do so, he says to “start certmgr.msc, select ‘Trusted Root Certification Authorities’ and ‘Certificates’ [and] look for eDellRoot”.
Users are prompted to download and install this tool when they visit the Dell support website and click the “Detect Product” button.
However, the instructions might prove too hard for a user with no technical knowledge to follow. “We are proactively pushing a software update to address the issue and have also updated instructions on our site to permanently remove the certificate”.
“I suggest ‘international first class,’ because if they can afford $10,000 for a ticket, they probably have something juicy on their computer worth hacking”.
Dell did not immediately respond to a request for comment.
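The certmgr.msc check quoted above can also be scripted. The following PowerShell audit is an added example, not taken from the article or from Dell; it matches on the two certificate names the article mentions and reports whether a private key is stored alongside each match. The article gives no fingerprints, so matching is by subject name only, and the choice of stores to scan is an assumption.

```powershell
# Added example: audit Windows certificate stores for the certificate names
# named in the article (eDellRoot, DSDTestProvider). Read-only; it changes nothing.
$names = @('eDellRoot', 'DSDTestProvider')

# Root stores are where certmgr.msc shows "Trusted Root Certification Authorities".
# The "My" (Personal) stores are scanned as well; that is an assumption, made in
# case a copy of the certificate and its key sits outside the root store.
$stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\CurrentUser\Root',
    'Cert:\LocalMachine\My',
    'Cert:\CurrentUser\My'
)

$findings = foreach ($store in $stores) {
    if (-not (Test-Path -Path $store)) { continue }
    Get-ChildItem -Path $store | ForEach-Object {
        $cert = $_
        # Match the common name exactly, not as a substring of a longer name.
        $hit = $names | Where-Object {
            $cert.Subject -match "CN=$([regex]::Escape($_))(,|$)"
        }
        if ($hit) {
            [pscustomobject]@{
                Store         = $store
                Name          = $hit -join ','
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                # True means the signing key is present on this machine.
                HasPrivateKey = $cert.HasPrivateKey
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
    Write-Warning "Found $(@($findings).Count) matching certificate(s); follow the vendor's removal instructions."
} else {
    Write-Output 'No eDellRoot or DSDTestProvider certificates found in the scanned stores.'
}
```

Because the article reports a second eDellRoot certificate with a different fingerprint, record the thumbprint of every match rather than comparing against a single known value.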