Update: Some Dell computers have vulnerable HTTPS credential, removal instructions issued

dell xps 13 2015 review lid logo
Greg Mombert/Digital Trends
Update 8:30AM 11/24/2015: Another statement has been issued. This one clarifies that the “eDellRoot” certificate was not malware or adware, but part of the company’s support services, and the resulting security flaw was unintentional. A removal tool has been made available. You can read Dell’s full blog post addressing the issue here.

Update 3:05PM 11/23/2015: Dell has issued an expanded statement about the security problem, stating it was unintended flaw, and that users will be able to fix the issue by following the company’s instructions.

Customer security and privacy is a top concern and priority for Dell. The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience. Unfortunately, the certificate introduced an unintended security vulnerability. To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support. We are also removing the certificate from all Dell systems moving forward. Note, commercial customers who image their own systems will not be affected by this issue. Dell does not pre-install any adware or malware. The certificate will not reinstall itself once it is properly removed using the recommended Dell process.

It’d be better if the problem never existed in the first place, but Dell’s response has appeared much quicker than Lenovo’s handling of Superfish, which initially denied there was a problem at all.

Original text: It’s thought that systems currently being shipped by Dell might be carrying a major security flaw, leaving them wide open for potential attacks. Evidence of this error has been found on an Inspiron 5000 series notebook and an XPS 15 with a certificate called “eDellRoot,” but at this stage it’s difficult to get a handle on just how widespread the problem is.

The issue centers around the self-signed transport layer security credential, according to findings from Reddit reported by Ars Technica. Its existence makes it relatively simple for a hacker to slip past HTTPS protection protocols by forging a certificate to imitate the credentials of the self-signed “eDellRoot” certificate found on vulnerable Dell systems. With that bit of subterfuge complete, it would be possible for an attacker to imitate any website without the user knowing. Even most security programs can’t detect this sort of attack.

Remarkably, this problem was not caught by Dell, instead being investigated by a user who found a suspicious certificate named eDellRoot pre-installed on a new system. His claims were then corroborated by other users who found the same files present on their Dell computers.

Dell has since released a statement stressing that customer security and privacy is a ‘top concern’ in relation to pre-installed content. As such, an investigation into these suspect certificates in currently ongoing, and more updates for affected users are expected to be circulated by the company at the earliest opportunity.

Earlier this year, competing PC manufacturer Lenovo was the center of a similar uproar regarding pre-installed content that included a self-signed HTTPS certificate. In that case, Superfish adware was the guilty party — but the way that it opened up the computer it was installed upon resembled the exploit potentially lingering on Dell systems.

There are plenty of reasons why building a computer can be a better option than buying a stock system, but chief among them has to be complete control over what is installed upon it from the outset. In most cases, bloatware is the biggest problem, but a scenario like Dell’s snafu is something many users would prefer to steer clear of altogether.

Emerging Tech

How Super Mario, Magic: The Gathering, and PowerPoint are low-key supercomputers

What if the creators of Super Mario World, PowerPoint, and even Magic: The Gathering had accidentally created tools hiding a general-purpose computer in plain sight? Turns out they have.

The Commerce Department implements a temporary reprieve to Huawei

Google has severed most of its partnerships with Huawei, after its addition to the "Entity List" of the U.S. Department of Commerce. Future Huawei devices will lose access to the Google Play Store, Chrome, and Android updates.

Here are some common Kindle Fire problems, and how to fix them

Is your Amazon tablet giving you grief? Is it refusing to behave the way you expect? Take a deep breath -- everything will be fine. Here are some widely reported Kindle Fire problems and a few possible solutions to go with them.

The 15 best tech jobs boast top salaries, high satisfaction, lots of openings

Late spring weather isn’t the only thing heating up. The technology sector offers some of the hottest jobs in the country, and talent and experience are in high demand. May is blooming with thousands of high-paying positions all over the…

Zombieload forces a choice between performance and security. What will you do?

Intel has handled the recent discovery of a security vulnerability in its CPUs with confidence, a contrast to its reaction to Spectre and Meltdown. But with ZombieLoad, performance and security seem to be at odds, and you have to choose.

Your amazing PC rig needs an amazing computer case. These are the very best

There's an incredible variety of PC cases on the market, but a few stand above the rest. Any of our five best computer cases will make your desktop look and work great, no matter what your budget is.
Product Review

The first AMD-powered Chromebook will make you wish you had Intel inside

The HP Chromebook 14 is a budget Chrome OS laptop that cuts its price in part by choosing AMD over Intel and by using plastic instead of metal. The results are mixed.

Yes, Google tracks and collects your online purchases through Gmail. But why?

Google has been tracking your purchase history and while the company says that the tracking is part of an effort to help you keep track of your purchases, there are indications that there might be other, less clear motives for doing so.

HP slashes $200 off Spectre x360 laptops in Memorial Day deal

HP's Spectre x360 laptops are among the best premium convertible notebooks on the market today, and now you can save $200 on these laptops thanks to HP's Memorial Day sale. The 15-inch model also supports discrete graphics.

Windows 10 notifications driving you crazy? Here's how to get them under control

Are the notifications on Windows 10 annoying you? Here's our guide on how to turn off notifications in Windows, and how to manage alerts so that the important stuff still gets through.

Walmart Memorial Day sale: 4K TVs, laptops, and Apple iPads get price cuts

The Walmart Memorial Day sale has begun. With some pretty nice savings on Apple iPads, Samsung and Vizio 4K TVs, laptops, and Google Home devices, now is a great time to snag some electronics for cheap.

Best Memorial Day sales 2019: Walmart, Dell, and Home Depot start early

If you're looking to save big on some shiny new stuff for Memorial Day 2019, we've gathered everything you need to know into one place. Find out where to save the most money before the summer hits its stride.
Home Theater

Plex is free and easy, and you'll wonder how you survived without it

If you want a Netflix-like experience for the media you already own, you need Plex. It's the free media center software that automatically catalogs and plays your movies, music, photos, and more, on your TV. Here's how to use it.
Product Review

Oculus Quest is the affordable VR rig we’ve been waiting for

Oculus announced that its Project Santa Cruz virtual reality headset will ship next year as the Oculus Quest, and we got to try out several new game titles on the Quest. Find out our impressions of VR without wires.