• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Dell responds to security concerning eDellroot certificate on laptops

Dell responds to security concerning eDellroot certificate on laptops

2015-11-24 by Jason

Earlier this week, there were three posts around the web showing that Dell notebooks were being shipped with a root certificate installed in the Trusted Root store. The certificate Dell computers have installed is named eDellRoot. This is reminiscent of Lenovo’s SuperFish incident where they allowed third-party adware to have a root certificate installed to monitor HTTPS traffic.

The three posts include:

  • Joe Nord – New Dell computer comes with a eDellRoot trusted root certificate
  • Reddit /u/rotorcowboy – Dell ships laptops with rogue root CA, exactly like what happened with Lenovo and Superfish
  • Hanno’s blog – Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections

The write-ups detail the certificate and capture it in screenshots.

edellroot

Image credit: Joe Nord

If you would like to check to see if you have the eDellRoot certificate, you can use the online check built by Hanno Böck.

Researchers at Duo Security found two more certificates on a Dell Inspiron 14-inch laptop. One is related to the eDellRoot certificate while the other is related to Atheros to sign the Bluetooth drivers.

The problem with the certificates is that they allow TLS encrypted traffic to be decrypted, such as if you were using WiFi in a location where the traffic could be sniffed.

Dell responded to the concerns last night with a post to the corporate blog, simply titled Response to Concerns Regarding eDellroot Certificate. In it, they explain the origination of the certificate and provide instructions (.docx) on how to remove it to secure your system. On November 24th, they will also begin pushing a software update to automatically check for the certificate and remove it if found.

Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.

The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.

The instructions cover stopping the Dell Foundation Services service, and then removing the plugin and certificate manually. They also provide a link to an automatic cleanup tool (.exe). If you image the computer and do not use the Dell Foundation Services, you will not be impacted.

In closing, Dell directs people to their Vulnerability reporting site for future security concerns.

Filed Under: Security and Privacy

Trending

  • Giveaway! AmpliFi joins the dark side with new black AmpliFi HD Mesh router
    In Hardware, Gadgets, and Products
  • Adobe Updates Acrobat and Flash To Address Critical Vulnerability
    In Security and Privacy, Software
  • RSA Offering To Replace All SecurIDs After March Breach and Attack On Lockheed Martin
    In News, Security and Privacy

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • Configure Outlook to recurring appointments for the last weekday of the month Configure Outlook to recurring appointments for the last weekday of the month
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business
  • Benefits of End-To-End Testing That Will Match Company Expectations Benefits of End-To-End Testing That Will Match Company Expectations
  • 3 Key Features of Pets Health Monitoring Systems 3 Key Features of Pets Health Monitoring Systems
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in