
Update: Some Dell computers have vulnerable HTTPS credential, removal instructions issued

Update 8:30AM 11/24/2015: Another statement has been issued. This one clarifies that the “eDellRoot” certificate was not malware or adware, but part of the company’s support services, and the resulting security flaw was unintentional. A removal tool has been made available. You can read Dell’s full blog post addressing the issue here.

Update 3:05PM 11/23/2015: Dell has issued an expanded statement about the security problem, stating it was an unintended flaw, and that users will be able to fix the issue by following the company’s instructions.

Customer security and privacy is a top concern and priority for Dell. The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience. Unfortunately, the certificate introduced an unintended security vulnerability. To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support. We are also removing the certificate from all Dell systems moving forward. Note, commercial customers who image their own systems will not be affected by this issue. Dell does not pre-install any adware or malware. The certificate will not reinstall itself once it is properly removed using the recommended Dell process.

It’d be better if the problem had never existed in the first place, but Dell’s response has come much more quickly than Lenovo’s did in the Superfish case, when Lenovo initially denied there was a problem at all.

Original text: It’s thought that systems currently being shipped by Dell might be carrying a major security flaw, leaving them wide open for potential attacks. Evidence of this error has been found on an Inspiron 5000 series notebook and an XPS 15 with a certificate called “eDellRoot,” but at this stage it’s difficult to get a handle on just how widespread the problem is.

The issue centers around the self-signed transport layer security credential, according to findings from Reddit reported by Ars Technica. Its existence makes it relatively simple for a hacker to slip past HTTPS protection protocols by forging a certificate to imitate the credentials of the self-signed “eDellRoot” certificate found on vulnerable Dell systems. With that bit of subterfuge complete, it would be possible for an attacker to imitate any website without the user knowing. Even most security programs can’t detect this sort of attack.

Remarkably, this problem was not caught by Dell, instead being investigated by a user who found a suspicious certificate named eDellRoot pre-installed on a new system. His claims were then corroborated by other users who found the same files present on their Dell computers.
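
A read-only check for the certificate named above, as an added example (not Dell's removal tool or instructions, and not part of the original article): it lists every certificate in the Windows certificate stores whose subject or friendly name contains "eDellRoot" and reports whether it sits in a trusted root store. The function name `Find-CertificateByName` is hypothetical, and matching by name rather than by thumbprint is an assumption, since the article gives no thumbprint.

```powershell
# Added example: read-only audit of the Windows certificate stores.
# Nothing is modified or removed; removal should follow Dell's own instructions.
function Find-CertificateByName {
    param(
        # Certificate name as reported in the article (assumption: matched by
        # name, because the article does not publish a thumbprint).
        [string]$Name = 'eDellRoot'
    )

    # Cert:\ exposes the CurrentUser and LocalMachine locations;
    # -Recurse walks every store underneath them.
    Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # The recursion also yields location and store objects; keep certificates only.
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            ($_.Subject -like "*$Name*" -or $_.FriendlyName -like "*$Name*")
        } |
        ForEach-Object {
            [pscustomobject]@{
                # e.g. "LocalMachine\Root" (provider prefix stripped)
                StorePath     = $_.PSParentPath -replace '^.*::', ''
                # A certificate in a root store is trusted to vouch for any website.
                TrustAnchor   = $_.PSParentPath -match '\\(Auth)?Root$'
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                # A private key stored next to a trusted root is unusual and worth recording.
                HasPrivateKey = $_.HasPrivateKey
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
            }
        }
}

$hits = @(Find-CertificateByName)
if ($hits.Count -eq 0) {
    'No certificate named eDellRoot was found in any store.'
} else {
    $hits | Format-Table -AutoSize
}
```

Run it again after applying the vendor's removal process to confirm the certificate has not returned.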

Dell has since released a statement stressing that customer security and privacy is a ‘top concern’ in relation to pre-installed content. As such, an investigation into these suspect certificates is currently ongoing, and more updates for affected users are expected to be circulated by the company at the earliest opportunity.

Earlier this year, competing PC manufacturer Lenovo was the center of a similar uproar regarding pre-installed content that included a self-signed HTTPS certificate. In that case, Superfish adware was the guilty party — but the way that it opened up the computer it was installed upon resembled the exploit potentially lingering on Dell systems.

There are plenty of reasons why building a computer can be a better option than buying a stock system, but chief among them has to be complete control over what is installed upon it from the outset. In most cases, bloatware is the biggest problem, but a scenario like Dell’s snafu is something many users would prefer to steer clear of altogether.

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…