
Dell computers shipped after August could have easily cloneable root certificates

By Kenny Yeo - on 24 Nov 2015, 10:06am


According to numerous reports, Dell is shipping computers that come preinstalled with an easily cloneable root certificate that could let hackers snoop on a machine's encrypted data.

In a move that some are calling "eerily similar" to Lenovo's Superfish debacle, it is reported that Dell notebooks shipped after August all come with a digital certificate that allows hackers to cryptographically impersonate any HTTPS-protected website.

The problem lies with a self-signed Transport Layer Security (TLS) credential called eDellRoot, which comes preinstalled as a root certificate on at least two Dell notebooks - the Inspiron 5000 and XPS 15. Other models are also reported to be affected, including Dell Inspiron desktops and various Latitude and Precision models.

The discovery was made by Joe Nord, a programmer, who showed the certificate as it appeared in the Microsoft Management Console, including the private key that underpins it. Later, another Dell customer took to Twitter to say that his computer has the exact same digital certificate with the exact same private key.

Attackers can exploit this to intercept traffic between an affected Dell laptop and an HTTPS-enabled website. They can then act as a proxy between the laptop and the website by re-encrypting the traffic with a rogue certificate that's signed with the eDellRoot private key. This is known as a man-in-the-middle attack and can be executed over public Wi-Fi networks or by hacking into routers.

Dell commented that this was to make it easier for its customer service professionals to identify computers during customer-support requests, but now says that a security update is on the way. In the meantime, it has shared instructions on how the flawed certificate can be deleted.

Dell users can test their computers by visiting this test website set up by security expert Kenneth White. If it loads with no certificate error, your computer could have the eDellRoot certificate installed.

Meanwhile, affected users can remove the certificate with the Microsoft Management Console. To open it, users can press the Windows key + R, type "certlm.msc" and hit Run. The certificate should be under Trusted Root Certification Authorities > Certificates.
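A scripted version of the manual check above, as an added example that is not from the original article or from Dell. It assumes the certificate's subject or friendly name contains `eDellRoot`, reports every match in the machine and current-user stores, and deletes only when `-Remove` is passed in an elevated PowerShell session.

```powershell
# Added example: audit Windows certificate stores for the eDellRoot certificate.
# Assumption: the certificate's subject or friendly name contains "eDellRoot".
param(
    [string]$Name = 'eDellRoot',
    [switch]$Remove   # without this switch the script only reports
)

# Root = trusted root CAs (the store named in the article); My = personal store.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\My',
          'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\My'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like "*$Name*" -or $_.FriendlyName -like "*$Name*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A root certificate is self-signed: subject equals issuer.
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                # True means the private key is stored on this machine too.
                HasPrivateKey = $_.HasPrivateKey
                PSPath        = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output "No certificate matching '$Name' found in the checked stores."
    return
}

$found | Format-Table Store, Subject, Thumbprint, SelfSigned, HasPrivateKey -AutoSize

if ($Remove) {
    foreach ($c in $found) {
        # -Confirm prompts before each deletion.
        Remove-Item -Path $c.PSPath -Confirm
    }
}
```

A `HasPrivateKey` value of `True` on a match in a trusted root store corresponds to the condition the article describes: a trusted root whose private key ships on the machine.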

Source: Ars Technica, Wall Street Journal, PC World
