Dell ships laptops with certificate vulnerabilities
- By Derek Major
- Nov 30, 2015
Dell has acknowledged that a security hole exists in its recently shipped laptops that can allow hackers to intercept users’ private information.
The eDellRoot certificate began getting installed on laptops in August, according to a company spokeswoman. Dell did not say how many computers or which specific models are affected, but did say on its blog that enterprise customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.
According to a Reuters article, the eDellRoot pre-installed certificate and key makes the laptops vulnerable to cyber intrusions by allowing hackers to read encrypted messages and redirect browser traffic to spoofs of real websites that might contain malware. Because all Dell systems apparently use the same key and certificate, hackers could use the key to create certificates for any domain, and Dell systems with this eDellRoot certificate would trust it, Johannes Ullrich, dean of research for the SANS Technology Institute, wrote on the InfoSec Handlers Diary Blog.
Dell released a patch, along with with instructions and software to manually fix the problem.
A second, similar problem was discovered in the e Dell System Detect application and its DSDTestProvider root certificate.
The impact from Dell System Detect is limited to customers who used the “detect product” functionality on the Dell support site between Oct. 20 and Nov. 24, 2015. Dell said that enterprise customers can either manually remove the certification or use system management tools like the System Center Configuration Manager to do so.
“Dell laptops ship with a preinstalled root certificate and a private key,” said security researcher Hanno Böck on his blog. Because the eDellRoot default private key has also now been published, Böck said, “attackers can use man-in-the-middle attacks against Dell users to show them manipulated HTTPS webpages or read their encrypted data.”
Deleting the offending root certificate -- which is valid until 2039 -- won't fix the flaw, Ullrich told BankInfoSecurity, because Dell Foundation Services will simply reinstall it. Instead, users must first disable Dell Foundation Services and then delete the eDellRoot certificate.
Derek Major is a former reporter for GCN.