Dell admits digital certificate mistake on PCs, provides fix

For years Dell Inc. has been a source of desktops and laptops for organizations who like the company’s pricing and quality. But it has suddenly become a concern for CISOs after acknowledging that a root digital certificate that has come with many of its devices since August has a security vulnerability.

The company issued a statement late Monday after several sites carried reports about the problem with the eDellRoot certificate for remote support that includes a private key, a raw copy of which could be obtained using several tools. A hacker could then set up a public Wi-Fi hotspot and intercept communications by creating a phony Web site. The bug reportedly doesn’t work on Firefox browsers.

“We deeply regret that this has happened and are taking steps to address it,” Dell spokesperson Laura P. Thomas said.  Security teams can download instructions here on how to remove the certificate. Commercial customers who re-imaged their systems without Dell Foundation Services are not affected by this issue.

As for employees and partners who have Dell devices, sometime today manufacturer will push a software update that will check for the certificate, and if detected remove it. In the meantime owners of Dell laptops can go to this site (https://edell.tlsfun.de) to check if their device has the bad certificate.

The certificate is not malware or adware, Thomas said, but was intended to provide the system service tag allowing Dell online support staff to identify the computer model for faster service.

One of the earliest reports about the vulnerability came from Joe Nord, who wondered why his new Dell Inspiration 5000-series laptop included  would come with a root certificate linked to a private key. His blog was quickly picked up by others who investigated and confirmed the existence of the certificate.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now