The Pharmer in the Dell: Redux
Ten years ago, in 2005, Dell tried sneaking malware/PUPs onto their computers and we wrote it up and called them out. In 2012 we republished the article (with some changes) because Dell again tried to trick consumers into purchasing computers with pre-installed malware and/or PUPs.
Well, the more things change, the more they stay the same. Dell is calling “Foul!” because, they claim, they had no idea the Dell certificate was very similar to the Superfish malware that Lenovo installed on their computers a couple of years ago. Dell got caught (as did Lenovo) and is trying to walk it back.
Our friends at Emsisoft have written a great article about Dell’s faux pas and we’ve republished it (below). We found this article spot on and informative; we hope you do as well.
Superfish reloaded: eDellRoot certificate punching a huge security hole in your new Dell computer
If you have recently bought a new Dell computer, it could come with a very dangerous security flaw. The flaw means that malicious websites or software could be automatically trusted by Dell’s security software. It also means you are vulnerable, when using public Wi-Fi networks, to so-called “man-in-the-middle” attacks.
Dell has acknowledged that a self-signed root certificate called eDellRoot, pre-installed on its new PCs, introduces the security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for its customers to service their system. However, being a “self-signed” certificate, eDellRoot enables attackers to intercept traffic between an affected Dell laptop and any HTTPS-enabled website. The hacker can then act as a proxy between the laptop and the website by re-encrypting the traffic with a rogue certificate that’s signed with the eDellRoot private key.
It’s not yet clear how many models are affected, although users have reported finding it on Dell XPS 15 and XPS 13 models, as well as a Latitude and an Inspiron 5000 series model.
Dell is now providing customers with removal instructions and says it will not add it to new devices going forward. The removal instructions can be downloaded here.
Dell fishing for trouble with this latest security flaw
It is an extremely embarrassing situation for the company, which publicly criticised its competitor Lenovo in February this year when Lenovo pre-installed a program called Superfish that included a self-signed root certificate.
As one Dell XPS 15 laptop user says, “To add insult to injury, it’s not even apparent what purpose the certificate serves. At least with Superfish we knew that their rogue root CA was needed to inject ads into your web pages; the reason Dell’s is there is unclear.”
If you have recently bought a Dell computer and want to see if you are affected by this, go to Start -> type “certmgr.msc” -> (accept on UAC prompt) -> Trusted Root Certification Authorities -> Certificates and check if you have an entry with the name “eDellRoot”.
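The same check from a PowerShell prompt, as an added example that is not part of the original article: it looks for a certificate named eDellRoot in the machine and user Trusted Root stores and reports whether a private key is attached to it. Also checking the Personal (My) stores is an assumption added here, not a step from the article.

```powershell
# Added example: look for a certificate named eDellRoot in the Windows
# certificate stores. Detection only; nothing is modified or removed.
$name = 'eDellRoot'   # certificate name given in the article

# The article points at Trusted Root Certification Authorities (Root).
# Including the Personal (My) stores is an assumption made for this example.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\My',   'Cert:\CurrentUser\My'

$found = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match "CN=$name" -or $_.FriendlyName -eq $name } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A self-signed certificate names itself as its issuer.
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                # True means the signing key is present on this machine.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if ($found) {
    $found | Format-Table -AutoSize
    Write-Warning "$name is installed; follow Dell's removal instructions."
} else {
    Write-Output "No certificate named $name found in the checked stores."
}
```

A row with HasPrivateKey set to True is the case that matters most, because it means the key used to sign certificates under this root is stored on the computer itself.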