Home / News / Laptop News / Dell put your privacy at risk, and wants to say sorry

Dell put your privacy at risk, and wants to say sorry

by

Dell laptop
Dell laptops left open to hackers

Another day, and yet another cybersecurity gaffe…

Dell has apologised after a serious security flaw with the company’s laptops was exposed.

The issue lay with an SSL certificate installed on certain Dell laptops, including the new Dell XPS 15.

The self-signed root certificate authority – named eDellRoot – is stored locally, which allows hackers to potentially create spurious versions of the key. That means hackers could create fake certificates, and intercept a user’s traffic.

Normally, when an attacker intercepts traffic, it would be flagged by a web browser. But by exploiting eDellRoot, the browser would be tricked into thinking the intercept is legitimate.

“Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability,” writes Laura Thomas, Dell’s Chief Blogger.

Thomas continues: “The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system.”

She adds: “Customer service and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.”

Dell has promised to push a software update today that checks for, and removes, the certificate.

Related: Best Free Antivirus 2015

The case is similar to the Superfish scare earlier this year, which saw Lenovo laptops shipping with a self-signed SSL certificate.

However, there are a few differences. For a start, Dell maintains that its certificate “is now malware or adware”, unlike Superfish, which was explicitly adware.

It’s also worth noting that while Superfish was third-party software installed on Lenovo laptops, eDellRoot was actually built in-house.

Have you ever been hacked? Let us know in the comments.

Check out our Windows 10 video guide below:

comments powered by Disqus