Dell put your privacy at risk, and wants to say sorry

Another day, and yet another cybersecurity gaffe…

Dell has apologised after a serious security flaw with the company’s laptops was exposed.

The issue lay with an SSL certificate installed on certain Dell laptops, including the new Dell XPS 15.

The self-signed root certificate authority – named eDellRoot – is stored locally, which allows hackers to potentially create spurious versions of the key. That means hackers could create fake certificates, and intercept a user’s traffic.

Normally, when an attacker intercepts traffic, it would be flagged by a web browser. But by exploiting eDellRoot, the browser would be tricked into thinking the intercept is legitimate.  

“Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability,” writes Laura Thomas, Dell’s Chief Blogger.

Thomas continues: “The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system.”

She adds: “Customer service and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.”

Dell has promised to push a software update today that checks for, and removes, the certificate.

Related: Best Free Antivirus 2015

The case is similar to the Superfish scare earlier this year, which saw Lenovo laptops shipping with a self-signed SSL certificate.

However, there are a few differences. For a start, Dell maintains that its certificate “is now malware or adware”, unlike Superfish, which was explicitly adware.

It’s also worth noting that while Superfish was third-party software installed on Lenovo laptops, eDellRoot was actually built in-house.

Have you ever been hacked? Let us know in the comments.

Check out our Windows 10 video guide below: