By Patrick Allan, Lifehacker, Nov. 25, 2015 – Security researchers recently revealed that a certificate with security vulnerabilities has been shipping pre-installed on some Dell laptops. Here’s what you need to know about this Superfish-like vulnerability, and how you can check to see if your Dell laptop is affected.
The certificate, called eDellRoot, causes any affected computer to trust any SSL certificate it signs. Because the certificate’s private key is stored locally, an attacker could use it to sign forged certificates and expose users on the machine to man-in-the-middle SSL attacks. According to the US Computer Emergency Readiness Team (US-CERT), that means you could be vulnerable to an attacker impersonating web sites (even ones that look like they’re HTTPS). A falsely signed certificate can also let an attacker send email or sign and install software that slides past Windows’ built-in security or your anti-malware tools. Additionally, any encrypted network traffic and other data could be accessed and captured by a third party, and HTTPS traffic to legitimate sites can be captured and decrypted.
The Dell Inspiron 5000, XPS 15, and XPS 13 have the certificate pre-installed, but Dell is still unsure how many computers out there are actually affected.
Fortunately, Dell has already provided a fix for finding the certificate and revoking its permissions. It can be a complicated task for those who don’t normally go digging in their operating system, but Dell has issued step-by-step instructions for removing the certificate. If your machine is affected, it’s important to remove the certificate and the DFS component that re-installs the certificate.
Update: Dell has included an automatic removal tool in its certificate removal instructions to make the process much easier (link is on page 3). Dell will also push a software update starting sometime today that will check for the certificate and, if it is detected, remove it. Lastly, we mistakenly recommended a check tool from security researcher slipstream/RoL, but this tool actually checks for another issue related to the same software.
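To check a machine by hand, the PowerShell below lists any trusted root certificate whose subject contains eDellRoot. It is an added example, not Dell's tool or part of the original article, and it goes one step further by also flagging any other trusted root whose private key is stored on the machine, which is the underlying problem described above. The function name and output fields are assumptions made for this example.

```powershell
# Added example: audit the Windows trusted-root stores for eDellRoot and for
# any other root certificate that carries its private key on this machine.
# The subject string "eDellRoot" comes from the article; the function name
# and output fields are hypothetical.

function Find-RiskyRootCertificate {
    [CmdletBinding()]
    param(
        # Text to look for in the certificate subject.
        [string]$SubjectPattern = 'eDellRoot'
    )

    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

    foreach ($store in $stores) {
        if (-not (Test-Path $store)) { continue }

        foreach ($cert in Get-ChildItem -Path $store) {
            $nameMatch = $cert.Subject -match [regex]::Escape($SubjectPattern)

            # A trusted root with a locally stored private key means anyone
            # who can read that key can sign certificates this machine trusts.
            if ($nameMatch -or $cert.HasPrivateKey) {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey
                    NameMatch     = $nameMatch
                }
            }
        }
    }
}

$findings = @(Find-RiskyRootCertificate)
if ($findings.Count -eq 0) {
    Write-Output 'No eDellRoot certificate and no trusted root with a local private key found.'
} else {
    $findings | Format-Table -AutoSize
}
```

A row with NameMatch set to True means the certificate is present; follow Dell's removal instructions, which cover both the certificate and the DFS component that re-installs it.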