Skip to main content

Update: Some Dell computers have vulnerable HTTPS credential, removal instructions issued

dell xps 13 2015 review lid logo
Greg Mombert/Digital Trends
Update 8:30AM 11/24/2015: Another statement has been issued. This one clarifies that the “eDellRoot” certificate was not malware or adware, but part of the company’s support services, and the resulting security flaw was unintentional. A removal tool has been made available. You can read Dell’s full blog post addressing the issue here.

Update 3:05PM 11/23/2015: Dell has issued an expanded statement about the security problem, stating it was unintended flaw, and that users will be able to fix the issue by following the company’s instructions.

Customer security and privacy is a top concern and priority for Dell. The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience. Unfortunately, the certificate introduced an unintended security vulnerability. To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support. We are also removing the certificate from all Dell systems moving forward. Note, commercial customers who image their own systems will not be affected by this issue. Dell does not pre-install any adware or malware. The certificate will not reinstall itself once it is properly removed using the recommended Dell process.

It’d be better if the problem never existed in the first place, but Dell’s response has appeared much quicker than Lenovo’s handling of Superfish, which initially denied there was a problem at all.

Original text: It’s thought that systems currently being shipped by Dell might be carrying a major security flaw, leaving them wide open for potential attacks. Evidence of this error has been found on an Inspiron 5000 series notebook and an XPS 15 with a certificate called “eDellRoot,” but at this stage it’s difficult to get a handle on just how widespread the problem is.

The issue centers around the self-signed transport layer security credential, according to findings from Reddit reported by Ars Technica. Its existence makes it relatively simple for a hacker to slip past HTTPS protection protocols by forging a certificate to imitate the credentials of the self-signed “eDellRoot” certificate found on vulnerable Dell systems. With that bit of subterfuge complete, it would be possible for an attacker to imitate any website without the user knowing. Even most security programs can’t detect this sort of attack.

Remarkably, this problem was not caught by Dell, instead being investigated by a user who found a suspicious certificate named eDellRoot pre-installed on a new system. His claims were then corroborated by other users who found the same files present on their Dell computers.

Dell has since released a statement stressing that customer security and privacy is a ‘top concern’ in relation to pre-installed content. As such, an investigation into these suspect certificates in currently ongoing, and more updates for affected users are expected to be circulated by the company at the earliest opportunity.

Earlier this year, competing PC manufacturer Lenovo was the center of a similar uproar regarding pre-installed content that included a self-signed HTTPS certificate. In that case, Superfish adware was the guilty party — but the way that it opened up the computer it was installed upon resembled the exploit potentially lingering on Dell systems.

There are plenty of reasons why building a computer can be a better option than buying a stock system, but chief among them has to be complete control over what is installed upon it from the outset. In most cases, bloatware is the biggest problem, but a scenario like Dell’s snafu is something many users would prefer to steer clear of altogether.

Editors' Recommendations

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Another vulnerability found in Dell’s security bloatware, users must update ASAP
Dell Latitude 7400 2-in-1 review

It's been a rough week for security issues at Dell. A serious security vulnerability in the company's SupportAssist software was disclosed by cybersecurity firm SafeBreach, and revealed to effect not only Dell machines but also other OEMs which used the rebranded software on their computers. Dell swiftly released a patch for the vulnerability, which they reminded users about in a security advisory on Thursday. Most users have already been upgraded to the latest version of the software, but if you have a Dell machine you should check that you have the update straight away.

The SupportAssist software is designed to protect machines from malware, but this isn't the first time the software itself has been revealed to have a vulnerability. Back in April, security research Bill Demirkapi found a vulnerability which allowed Remote Code Execution through the security software. The feature was supposed to allow drivers to be updated through Dell's website, but it exposed users to security threats which could have allowed attackers to find sensitive information and to execute their own code on people's machines.

Read more
Older versions of Windows have critical vulnerability, should be updated ASAP
windows 7 still dominates the desktop os market with a 60 percent majority hp laptop

If you're running an older version of Windows, it's vital to update it as soon as possible. Microsoft has warned about a critical security issue called BlueKeep which makes older Windows machines vulnerable to malware.

The vulnerability is technically known as CVE-2019-0708, and is found in Remote Desktop Services. It is a particular concern because the vulnerability is "wormable," meaning that if a computer is infected through this vulnerability, it can pass on the malware to other computers. This is what allowed the WannaCry malware to spread so quickly and so far in 2017.

Read more
USB drive issue blocks some PCs from receiving Windows 10 May 2019 update
Stock photo of Surface laptop

A USB drive issue has resulted in the blocking of some PCs from receiving the upcoming May 2019 Windows 10 update.

According to TechRadar, while the May 2019 update for Windows 10 hasn’t been released to the public yet, the update is already being blocked from being received by certain PCs due to a particularly worrying USB drive error.

Read more