Dell Laptops Being Shipped With eDellRoot Superfish-Like Vulnerability

If you’re reading this on a Dell notebook, then you may have a security issue on your hands after it was discovered that at least some of Dell’s machines carry an SSL certificate created by the company, with machines currently set up to trust any SSL certificate that it signs.

The SSL certificate, called “eDellRoot” and discovered by programmer Joe Nord, is stored locally on the machine in question, so it is entirely possible that an unscrupulous attacker could use it to grant SSL-certified access to spoofed websites and the like, potentially opening a huge number of users up to the possibility of quite a troublesome security breach.

Dell-eDellRoot

So far, users have reported the existence of eDellRoot on Inspiron 5000 and XPS 15 machines, and according to sources, the XPS 13 is also affected by this issue.

If any of this sounds familiar, it’s because Lenovo was found to have a similar security hole in its own machines earlier this year, with the Superfish Adware program similarly carrying a local, self-signed certificate on the machine. Lenovo has since removed Superfish, and it’s likely Dell will have to do something similar. While Superfish was used to serve ads, it’s unclear quite what eDellRoot was supposed to be doing on people’s machines.

For its part, Dell claims that “customer security and privacy is a top concern,” while also confirming that it has “a team investigating the current situation.” Dell does promise to “update [customers] as soon as [they] have more information,” although an actual timescale for that to happen was not offered.

While things like self-signed SSL certificates do have the potential to allow attackers to wreak havoc, it’s important to remember that such a thing happening to your computer is very unlikely indeed. Still, any chance is too much as far as we’re concerned, especially when the reason for the issue is an OEM installing something on its machines before unsuspecting folk buy them.

Here’s to hoping Dell does the right thing, and quickly.

(Source: Joe Nord | via: The Verge)

You may also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.