Dell Laptops Are Shipping With Certificate Vulnerability

By Patrick Allan, Lifehacker, Nov. 25, 2015 – Security researchers recently revealed that a certificate with security vulnerabilities has been shipping pre-installed on some Dell laptops. Here’s what you need to know about this Superfish-like vulnerability, and how you can check to see if your Dell laptop is affected.

The certificate, called eDellRoot, causes affected computers to trust any SSL certificate it signs. Because the certificate’s private key is stored locally, an attacker could forge signed certificates and expose users on the machine to man-in-the-middle SSL attacks. According to the US Computer Emergency Readiness Team (US-CERT), that means you could be vulnerable to an attacker impersonating web sites (even ones that look like they’re HTTPS). A falsely signed certificate can also let an attacker send email or sign and install software that slides past Windows’ built-in security or your anti-malware tools. Additionally, encrypted network traffic and other data could be accessed and captured by a third party: HTTPS traffic to legitimate sites can be captured and decrypted.

The Dell Inspiron 5000, XPS 15, and XPS 13 have the certificate pre-installed, but Dell is still unsure how many computers out there are actually affected.

Fortunately, Dell has already provided a fix for finding the certificate and revoking its permissions. It can be a complicated task for those who don’t normally go digging in their operating system, but Dell has issued step-by-step instructions for removing the certificate. If your machine is affected, it’s important to remove the certificate and the DFS component that re-installs the certificate.
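
One way to check the Windows certificate stores for the certificate described above, as an added PowerShell example that is not from Dell or the original article. Matching on the name eDellRoot is an assumption based on the name given here, and treating a copy in the Disallowed store as "already distrusted" is an assumption about how a fix appears on the machine.

```powershell
# Added example: report whether a certificate named eDellRoot is trusted as a root CA.
# Read-only; it changes nothing on the machine.

function Find-CertByName {
    param(
        [string]   $Name,    # name to look for (assumption: 'eDellRoot' appears in the subject)
        [string[]] $Stores   # certificate store paths to search
    )
    foreach ($store in $Stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match $Name -or $_.FriendlyName -match $Name } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # True means the signing key sits on this machine next to the certificate
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

# Trusted-root stores: anything found here is trusted to sign certificates for any site.
$trusted = @(Find-CertByName -Name 'eDellRoot' -Stores 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

# Disallowed stores: certificates placed here are explicitly untrusted by Windows.
$blocked = @(Find-CertByName -Name 'eDellRoot' -Stores 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed')

if ($trusted.Count -gt 0) {
    $trusted | Format-List
    Write-Warning "eDellRoot is in a trusted-root store. Follow Dell's removal instructions, including the component that re-installs the certificate."
} elseif ($blocked.Count -gt 0) {
    $blocked | Format-List
    Write-Output 'eDellRoot is present only in a Disallowed store, so Windows does not trust it.'
} else {
    Write-Output 'No certificate named eDellRoot was found in the stores checked.'
}
```

Run the check again after a reboot, since the article notes that a separate component can re-install the certificate.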

Update: Dell has included an automatic removal tool in its certificate removal instructions to make the process much easier (link is on page 3). Dell will also push a software update starting sometime today that will check for the certificate and, if it is detected, remove it. Lastly, we mistakenly recommended a check tool from security researcher slipstream/RoL, but this tool actually checks for another issue related to the same software.

Continuing coverage of Dell laptop security: http://lifehacker.com/dell-laptops-are-shipping-with-a-superfish-like-certifi-1744488741
