Skip to main content

Update: Some Dell computers have vulnerable HTTPS credential, removal instructions issued

Update 8:30AM 11/24/2015: Another statement has been issued. This one clarifies that the “eDellRoot” certificate was not malware or adware, but part of the company’s support services, and the resulting security flaw was unintentional. A removal tool has been made available. You can read Dell’s full blog post addressing the issue here.

Update 3:05PM 11/23/2015: Dell has issued an expanded statement about the security problem, stating it was unintended flaw, and that users will be able to fix the issue by following the company’s instructions.

Recommended Videos

Customer security and privacy is a top concern and priority for Dell. The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience. Unfortunately, the certificate introduced an unintended security vulnerability. To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support. We are also removing the certificate from all Dell systems moving forward. Note, commercial customers who image their own systems will not be affected by this issue. Dell does not pre-install any adware or malware. The certificate will not reinstall itself once it is properly removed using the recommended Dell process.

It’d be better if the problem never existed in the first place, but Dell’s response has appeared much quicker than Lenovo’s handling of Superfish, which initially denied there was a problem at all.

Original text: It’s thought that systems currently being shipped by Dell might be carrying a major security flaw, leaving them wide open for potential attacks. Evidence of this error has been found on an Inspiron 5000 series notebook and an XPS 15 with a certificate called “eDellRoot,” but at this stage it’s difficult to get a handle on just how widespread the problem is.

The issue centers around the self-signed transport layer security credential, according to findings from Reddit reported by Ars Technica. Its existence makes it relatively simple for a hacker to slip past HTTPS protection protocols by forging a certificate to imitate the credentials of the self-signed “eDellRoot” certificate found on vulnerable Dell systems. With that bit of subterfuge complete, it would be possible for an attacker to imitate any website without the user knowing. Even most security programs can’t detect this sort of attack.

Remarkably, this problem was not caught by Dell, instead being investigated by a user who found a suspicious certificate named eDellRoot pre-installed on a new system. His claims were then corroborated by other users who found the same files present on their Dell computers.

Dell has since released a statement stressing that customer security and privacy is a ‘top concern’ in relation to pre-installed content. As such, an investigation into these suspect certificates in currently ongoing, and more updates for affected users are expected to be circulated by the company at the earliest opportunity.

Earlier this year, competing PC manufacturer Lenovo was the center of a similar uproar regarding pre-installed content that included a self-signed HTTPS certificate. In that case, Superfish adware was the guilty party — but the way that it opened up the computer it was installed upon resembled the exploit potentially lingering on Dell systems.

There are plenty of reasons why building a computer can be a better option than buying a stock system, but chief among them has to be complete control over what is installed upon it from the outset. In most cases, bloatware is the biggest problem, but a scenario like Dell’s snafu is something many users would prefer to steer clear of altogether.

Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Looking for an OLED laptop? Get the Samsung Galaxy Book4 Ultra at $400 off
The screen of the Galaxy Book4 Ultra.

While Samsung Galaxy deals are often linked to smartphones and tablets, you can also score huge discounts on other types of devices. For example, you can currently buy the Samsung Galaxy Book4 Ultra at $400 off from Samsung itself, which brings its price down from $2,400 to $2,000. This premium laptop isn't going to stay on sale for long though, so if you're interested in this bargain, you need to push forward with your purchase as soon as you can to make sure you pocket the savings.

Why you should buy the Samsung Galaxy Book4 Ultra laptop

Read more
This iBuyPower gaming PC with 16GB of RAM is on sale for $830
The iBuyPower Element SE gaming PC on a white background.

For gaming PC deals that will give you excellent value, you should check out iBuyPower offers. Here's one from Best Buy: the iBuyPower Element SE gaming desktop at $100 off, which pulls its price down from $930 to $830. Gamers who are looking for a gaming PC for less than $1,000 won't want to miss this bargain, but you're going to have to hurry if you're interested because there's no assurance that the discount will still be online by tomorrow.

Why you should buy the iBuyPower Element SE gaming PC

Read more
The Dell XPS 13 and XPS 14 are both on sale at $300 off — hurry!
Angled front view of the Dell XPS 13 with Snapdragon X Elite processor inside.

Are you in the market for a new laptop? You simply can't go wrong with any of the Dell XPS deals that are available, and we've identified two of the best ones you can shop right now. The Dell XPS 13 9350, originally sold for $1,400, is down to $1,100 for savings of $300, while the Dell XPS 14 9440, which has a sticker price of $1,560, is on sale for $1,260, also following a $300 discount.

Following the Dell XPS reset early last year, the Dell XPS 13 and the Dell XPS 14 have further blossomed in popularity. That means you'll have to act fast if you're interested in either of these laptop deals though, as the stocks up for sale may run out at any moment.

Read more