Update 11/24/2015: Dell Responds to the Security Concerns

Dell has officially responded to the eDellRoot issue on its Support blog. It released a manual, eDellRoot Certificate Removal Instructions, as well as a small utility (direct link) that will remove the certificate automatically for you. You can test whether you have the eDellRoot certificate by clicking this link (which we explain below). If you do have it, we suggest you read Dell’s blog post, download the PDF, and follow the instructions for getting rid of it.

It’s also worth noting that today we discovered it’s not just an issue with laptops (which we originally reported). In fact, this is a problem with all form factors of Dell PCs. If you have a Dell PC, you should check whether eDellRoot is on your system. For the full story, read our report below.
eDellRoot Certificate Security Risk
In what is turning out to be another case of déjà vu, it was discovered over the weekend that Dell Inc. has (since August) been slipping a root certificate called eDellRoot onto its PCs to assist with what the company claims to be easier access to support services for its customers. A Reddit poster who goes by the name rotorcowboy posted details about the discovery on the popular social media site.

Just a refresher: Lenovo received tremendous backlash when it was discovered the company had been loading a similar root certificate called Superfish on select Lenovo devices. The company received so much bad press for the act that some have said the incident probably tarnished its long-standing reputation as a popular brand among consumers and businesses. With Lenovo being a Chinese-owned company and the recent icy political relations between China and the US, the company has been trying to rebuild trust with consumers ever since. The incident was so bad that Microsoft had to help with the cleanup by issuing a definition update for Windows Defender that assisted with removing the certificate.

So far, users have found the vulnerable certificate on the Dell Inspiron 5000, XPS 15 and XPS 13. Since this is a new development, it could be on other Dell PCs on the market, too.

The Lenovo incident was thought to have been a proper warning for other vendors, but obviously, Dell, one of the top three PC makers, seems to have fallen through the cracks. The company is trying to turn things around already by issuing the following statement to the media:

“Unfortunately, the certificate introduced an unintended security vulnerability. To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support. We are also removing the certificate from all Dell systems moving forward. Note, commercial customers who image their own systems will not be affected by this issue. Dell does not pre-install any adware or malware. The certificate will not reinstall itself once it is properly removed using the recommended Dell process.”

A Dell representative also made a statement to The Verge saying: “We have a team investigating the current situation and will update you as soon as we have more information.”

Because there are no details on which systems might be affected, customers will have to depend on Dell for assistance.
Is Your Dell PC at Risk? Here’s How to Test It
If you want to know whether your system might be affected, you can use this website, created by security journalist Hanno Böck, to test your system for the certificate’s presence.
Research so far has provided proof-of-concept scenarios in which eDellRoot could be manipulated and used to produce certificates that are accepted as valid, which could enable attacks.

It seems that the problem is not limited to the models listed above, but as rightly stated above can be in several other Dell Laptops. Bad Business Dell.

I have just checked on one of our brand new Dell R430 servers and it fails the test. Scary