Dell ships laptops with certificate vulnerabilities

Dell has acknowledged that a security hole exists in its recently shipped laptops that can allow hackers to intercept users’ private information.

The eDellRoot certificate began getting installed on laptops in August, according to a company spokeswoman. Dell did not say how many computers or which specific models are affected, but did say on its blog that enterprise customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.

According to a Reuters article, the pre-installed eDellRoot certificate and key make the laptops vulnerable to cyber intrusions by allowing hackers to read encrypted messages and redirect browser traffic to spoofs of real websites that might contain malware. Because all Dell systems apparently use the same key and certificate, hackers could use the key to create certificates for any domain, and Dell systems with this eDellRoot certificate would trust them, Johannes Ullrich, dean of research for the SANS Technology Institute, wrote on the InfoSec Handlers Diary Blog.

Dell released a patch, along with instructions and software to manually fix the problem.

A second, similar problem was discovered in the Dell System Detect application and its DSDTestProvider root certificate.

The impact from Dell System Detect is limited to customers who used the “detect product” functionality on the Dell support site between Oct. 20 and Nov. 24, 2015. Dell said that enterprise customers can either manually remove the certificate or use system management tools like the System Center Configuration Manager to do so.

“Dell laptops ship with a preinstalled root certificate and a private key,” said security researcher Hanno Böck on his blog. Because the eDellRoot default private key has also now been published, Böck said, “attackers can use man-in-the-middle attacks against Dell users to show them manipulated HTTPS webpages or read their encrypted data.”

Deleting the offending root certificate -- which is valid until 2039 -- won't fix the flaw, Ullrich told BankInfoSecurity, because Dell Foundation Services will simply reinstall it. Instead, users must first disable Dell Foundation Services and then delete the eDellRoot certificate.
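
A read-only audit for the condition described above, as an added PowerShell example that is not from Dell, the researchers quoted, or the original article: it lists any certificate whose subject common name is eDellRoot or DSDTestProvider and checks whether Dell Foundation Services is still active. The service display-name pattern and the choice of certificate stores to search are assumptions.

```powershell
# Added example (audit only, changes nothing): look for the two root
# certificates named in the article and for the service that reinstalls one.
$CertNames  = 'eDellRoot', 'DSDTestProvider'   # names taken from the article
$StorePaths = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
              'Cert:\LocalMachine\My',   'Cert:\CurrentUser\My'
# Assumption: the service display name starts with the product name.
$ServicePattern = 'Dell Foundation Services*'

function Find-NamedCertificate {
    param([string[]]$CommonName, [string[]]$StorePath)
    $simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            # Compare the subject's simple name (the CN), not a substring of the DN.
            if ($CommonName -contains $cert.GetNameInfo($simple, $false)) {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey
                }
            }
        }
    }
}

$found   = @(Find-NamedCertificate -CommonName $CertNames -StorePath $StorePaths)
$service = @(Get-Service -DisplayName $ServicePattern -ErrorAction SilentlyContinue)

if ($found.Count -eq 0) {
    Write-Output 'No eDellRoot or DSDTestProvider certificate found in the checked stores.'
} else {
    $found | Format-Table -AutoSize
    # Treat the service as active if it is running or could start again.
    $active = $service | Where-Object { $_.Status -eq 'Running' -or $_.StartType -ne 'Disabled' }
    if ($active) {
        Write-Warning 'Dell Foundation Services is not disabled; per the article, a deleted eDellRoot would be reinstalled. Disable the service first.'
    }
}
```

Matching is on the certificate name only, so a hit should be confirmed against the vendor's published details before anything is removed.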

About the Author

Derek Major is a former reporter for GCN.
