Dell ships laptops with certificate vulnerabilities

Dell has acknowledged that a security hole exists in its recently shipped laptops that can allow hackers to intercept users’ private information.

The eDellRoot certificate began getting installed on laptops in August, according to a company spokeswoman. Dell did not say how many computers or which specific models are affected, but did say on its blog that enterprise customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.

According to a Reuters article, the eDellRoot pre-installed certificate and key make the laptops vulnerable to cyber intrusions by allowing hackers to read encrypted messages and redirect browser traffic to spoofs of real websites that might contain malware. Because all Dell systems apparently use the same key and certificate, hackers could use the key to create certificates for any domain, and Dell systems with this eDellRoot certificate would trust it, Johannes Ullrich, dean of research for the SANS Technology Institute, wrote on the InfoSec Handlers Diary Blog.

Dell released a patch, along with instructions and software to manually fix the problem.

A second, similar problem was discovered in the Dell System Detect application and its DSDTestProvider root certificate.

The impact from Dell System Detect is limited to customers who used the “detect product” functionality on the Dell support site between Oct. 20 and Nov. 24, 2015. Dell said that enterprise customers can either manually remove the certificate or use system management tools like the System Center Configuration Manager to do so.

“Dell laptops ship with a preinstalled root certificate and a private key,” said security researcher Hanno Böck on his blog. Because the eDellRoot default private key has also now been published, Böck said, “attackers can use man-in-the-middle attacks against Dell users to show them manipulated HTTPS webpages or read their encrypted data.”

Deleting the offending root certificate -- which is valid until 2039 -- won't fix the flaw, Ullrich told BankInfoSecurity, because Dell Foundation Services will simply reinstall it. Instead, users must first disable Dell Foundation Services and then delete the eDellRoot certificate.
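
The removal order Ullrich describes can be scripted for auditing a fleet. The PowerShell below is an added example, not Dell's removal tool or code from the article: it looks for the two certificate names mentioned above and, only when run with `-Remove`, disables the service before deleting them. Matching by subject common name, matching the service by display name, and the list of stores searched are assumptions made for this example.

```powershell
# Added example: audit (and optionally remove) the eDellRoot and DSDTestProvider certificates.
# Assumptions: certificates are matched by subject CN, the service by its display name,
# and the stores listed below are the ones worth checking. Run from an elevated prompt.
param([switch]$Remove)

$pattern = 'CN=(eDellRoot|DSDTestProvider)(,|$)'
$stores  = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
           'Cert:\LocalMachine\My',   'Cert:\CurrentUser\My'

# Collect every matching certificate, noting whether a private key is stored with it.
$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Thumbprint, NotAfter, HasPrivateKey, PSPath
}

# Dell Foundation Services reinstalls eDellRoot, so report its state as well.
$svc = Get-Service -DisplayName 'Dell Foundation Services*' -ErrorAction SilentlyContinue

if ($found) {
    $found | Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize
} else {
    Write-Output 'No eDellRoot or DSDTestProvider certificate found in the searched stores.'
}
if ($svc) {
    $svc | Format-Table Name, DisplayName, Status, StartType -AutoSize
}

if ($Remove -and $found) {
    # Order matters: stop and disable the service first, then delete the certificates.
    foreach ($s in $svc) {
        Stop-Service -InputObject $s -Force
        Set-Service -Name $s.Name -StartupType Disabled
    }
    foreach ($cert in $found) {
        Remove-Item -Path $cert.PSPath
        Write-Output "Removed $($cert.Subject) from $($cert.Store)"
    }
}
```

Run it without `-Remove` first to review what would be deleted, and run it again after a reboot to confirm the certificate has not been reinstalled.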

About the Author

Derek Major is a former reporter for GCN.

