Security researchers recently revealed that a certificate with security vulnerabilities has been shipping pre-installed on some Dell laptops. Here’s what you need to know about this Superfish-like vulnerability, and how you can check to see if your Dell laptop is affected.
The certificate, called eDellRoot, causes any affected computers to trust any SSL certificate it signs. Because the key is stored locally, an attacker could forge a signed key and expose users on the machine to man-in-the-middle SSL attacks. According to the US Comptuer Emergency Readiness Team (US-CERT), that means you could be vulnerable to an attacker impersonating web sites (even ones that look like they’re HTTPS.) A falsely signed certificate can also let an attacker send email or sign and install software that slides past Windows’ built-in security or your anti-malware tools. Additionally, any encrypted network traffic and other data could be accessed and captured by the third party, HTTPS traffic to legitimate sites can be captured and decrypted.
The Dell Inspiron 5000, XPS 15, and XPS 13 have the certificate pre-installed, but Dell is still unsure how many computers out there are actually affected. If you want to check your machine for the vulnerability, Joseph Cox at Motherboard gave light to a simple tool for checking your system created by security researcher slipstream/RoL (@TheWack0lian). The tool autoplays audio, so don’t be alarmed.
Fortunately, Dell has already provided a fix for finding the certificate and revoking its permissions. It can be a complicated task for those who don’t normally go digging in their operating system, but Dell has issued step-by-step instructions for removing the certificate. If your machine is affected, it’s important to remove the certificate and the DFS component that re-installs the certificate.
You can read the statement Dell issued at the link below.
Response to Concerns Regarding eDellRoot Certificate [Direct2Dell Official Dell Corporate Blog via The Verge and Ars Technica]