Update: Some Dell computers have vulnerable HTTPS credential, removal instructions issued

Update 8:30AM 11/24/2015: Another statement has been issued. This one clarifies that the “eDellRoot” certificate was not malware or adware, but part of the company’s support services, and the resulting security flaw was unintentional. A removal tool has been made available. You can read Dell’s full blog post addressing the issue here.

Update 3:05PM 11/23/2015: Dell has issued an expanded statement about the security problem, stating it was an unintended flaw, and that users will be able to fix the issue by following the company’s instructions.

Customer security and privacy is a top concern and priority for Dell. The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience. Unfortunately, the certificate introduced an unintended security vulnerability. To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support. We are also removing the certificate from all Dell systems moving forward. Note, commercial customers who image their own systems will not be affected by this issue. Dell does not pre-install any adware or malware. The certificate will not reinstall itself once it is properly removed using the recommended Dell process.

It’d be better if the problem never existed in the first place, but Dell’s response has come much more quickly than Lenovo’s handling of Superfish; Lenovo initially denied there was a problem at all.

Original text: It’s thought that systems currently being shipped by Dell might be carrying a major security flaw, leaving them wide open for potential attacks. Evidence of this error has been found on an Inspiron 5000 series notebook and an XPS 15 with a certificate called “eDellRoot,” but at this stage it’s difficult to get a handle on just how widespread the problem is.

The issue centers on a self-signed Transport Layer Security (TLS) credential, according to findings from Reddit reported by Ars Technica. Its existence makes it relatively simple for a hacker to slip past HTTPS protections by forging a certificate to imitate the credentials of the self-signed “eDellRoot” certificate found on vulnerable Dell systems. With that bit of subterfuge complete, it would be possible for an attacker to imitate any website without the user knowing. Even most security programs can’t detect this sort of attack.

Remarkably, this problem was not caught by Dell, instead being investigated by a user who found a suspicious certificate named eDellRoot pre-installed on a new system. His claims were then corroborated by other users who found the same files present on their Dell computers.
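
A way to audit a Windows machine for this certificate, as an added example that is not part of the original article or Dell's removal tool. It reports every certificate in the common machine and user stores whose subject or issuer contains "eDellRoot"; the list of stores checked and the match on that name are assumptions, since the name is the only identifier the article gives.

```powershell
# Added example: read-only audit of Windows certificate stores for "eDellRoot".
# Assumption: the certificate is identified by the string "eDellRoot" in its
# subject (or, for anything it signed, in the issuer field).
$name   = 'eDellRoot'
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\My',   'Cert:\CurrentUser\My'

$findings = foreach ($store in $stores) {
    # Skip stores that do not exist on this system.
    if (-not (Test-Path $store)) { continue }

    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*$name*" -or $_.Issuer -like "*$name*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                # A root that names itself as issuer is self-signed.
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                # True means the signing key is stored alongside the certificate.
                HasPrivateKey = $_.HasPrivateKey
                NotAfter      = $_.NotAfter
                Thumbprint    = $_.Thumbprint
            }
        }
}

if ($findings) {
    $findings | Format-List
    Write-Warning "$(@($findings).Count) certificate(s) matching '$name' found."
} else {
    Write-Output "No certificate matching '$name' found in the checked stores."
}
```

The script only reports what it finds; for removal, Dell's statement points customers to the company's own instructions and removal tool.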

Dell has since released a statement stressing that customer security and privacy is a ‘top concern’ in relation to pre-installed content. As such, an investigation into these suspect certificates is currently ongoing, and more updates for affected users are expected to be circulated by the company at the earliest opportunity.

Earlier this year, competing PC manufacturer Lenovo was the center of a similar uproar regarding pre-installed content that included a self-signed HTTPS certificate. In that case, Superfish adware was the guilty party — but the way that it opened up the computer it was installed upon resembled the exploit potentially lingering on Dell systems.

There are plenty of reasons why building a computer can be a better option than buying a stock system, but chief among them has to be complete control over what is installed upon it from the outset. In most cases, bloatware is the biggest problem, but a scenario like Dell’s snafu is something many users would prefer to steer clear of altogether.

