Another day, and yet another cybersecurity gaffe…
Dell has apologised after a serious security flaw with the company’s laptops was exposed.
The issue lay with an SSL certificate installed on certain Dell laptops, including the new Dell XPS 15.
The self-signed root certificate authority – named eDellRoot – is stored locally, which allows hackers to potentially create spurious versions of the key. That means hackers could create fake certificates, and intercept a user’s traffic.
Normally, when an attacker intercepts traffic, it would be flagged by a web browser. But by exploiting eDellRoot, the browser would be tricked into thinking the intercept is legitimate.
“Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability,” writes Laura Thomas, Dell’s Chief Blogger.
Thomas continues: “The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system.”
She adds: “Customer service and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.”
Dell has promised to push a software update today that checks for, and removes, the certificate.
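A read-only way to check a Windows machine for the certificate described above, as an added example that is not Dell's update or code from the original article. It matches on the name eDellRoot given in the article and, going beyond this one case, also lists any trusted root whose private key is present locally; the function name and the list of stores checked are assumptions of this example.

```powershell
# Added example: report trust-store entries named eDellRoot, plus any trusted
# root whose private key is present on this machine. Assumes PowerShell 3.0 or
# later on Windows; nothing is modified or removed.
$TargetName = 'eDellRoot'   # certificate name given in the article

# Hypothetical helper name, chosen for this example.
function Find-SuspectRootCertificate {
    param([string]$Name = $TargetName)

    # Stores that make a certificate a trust anchor for the machine or the user.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
              'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot'

    foreach ($store in $stores) {
        if (-not (Test-Path $store)) { continue }
        foreach ($cert in Get-ChildItem -Path $store) {
            $nameMatch = $cert.Subject -match "CN=$([regex]::Escape($Name))(,|$)"
            # A root CA's private key has no business on an endpoint: whoever can
            # read it can sign certificates this machine will trust.
            if ($nameMatch -or $cert.HasPrivateKey) {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                    HasPrivateKey = $cert.HasPrivateKey
                    NotAfter      = $cert.NotAfter
                    Reason        = if ($nameMatch) { "named $Name" } else { 'private key present' }
                }
            }
        }
    }
}

$findings = @(Find-SuspectRootCertificate)
if ($findings.Count -eq 0) {
    Write-Output "No certificate named $TargetName and no root with a local private key found."
} else {
    $findings | Format-List
}
```

The CurrentUser stores present a merged view that includes machine-wide roots, so the same certificate can be listed under both locations.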
The case is similar to the Superfish scare earlier this year, which saw Lenovo laptops shipping with a self-signed SSL certificate.
However, there are a few differences. For a start, Dell maintains that its certificate “is not malware or adware”, unlike Superfish, which was explicitly adware.
It’s also worth noting that while Superfish was third-party software installed on Lenovo laptops, eDellRoot was actually built in-house.