Dell Laptops Shipped With Superfish Certificate Vulnerability
Security researchers recently discovered that a certificate that creates a security vulnerability comes preinstalled on select Dell laptops. Here’s what you need to know about this Superfish-like vulnerability and how you can check whether your Dell laptop is affected.
The certificate, called eDellRoot, makes every affected computer trust any SSL certificate it signs. Because the signing key is stored locally on the machine, an attacker can forge certificates signed with it and expose users of the computer to SSL attacker-in-the-middle attacks. According to the United States Computer Emergency Readiness Team (US-CERT), this means you could be vulnerable to an attacker impersonating websites (even ones that appear to be served over HTTPS). A falsely signed certificate could also allow an attacker to send email or sign and install software that gets past Windows’ built-in security or your anti-malware protection. In addition, encrypted network traffic and other data can be accessed and captured by a third party, and HTTPS traffic to legitimate sites can be captured and decrypted.
The Dell Inspiron 5000, XPS 15, and XPS 13 have already been confirmed to carry the certificate, but Dell is still not sure how many computers are actually affected. If you want to scan your machine for the vulnerability, Joseph Cox at Motherboard highlighted a simple system scan tool created by security researcher slipstream/RoL (@TheWack0lian). The tool plays sound automatically, so don’t be alarmed.
Fortunately, Dell has already provided a hotfix for finding the certificate and revoking its permissions. This can be a daunting task for those who don’t normally dig into their operating system, but Dell has released step-by-step instructions on how to remove the certificate. If your computer is affected, it is important to remove both the certificate and the DFS component that re-installs it.
You can read the statement released by Dell at the link below. We’ll update this post as we learn more.
Update: Dell has added an automatic uninstall tool to its certificate removal instructions to simplify the process (link on page 3). Dell will also roll out a software update starting today that checks for the certificate and removes it if found. Finally, we mistakenly recommended a checker from security researcher slipstream/RoL, but that tool actually checks for another issue related to the same software.
Update 2: Security researchers discovered a second certificate (DSDTestProvider) that allows attackers to create trusted certificates and perform impersonation, man-in-the-middle, and passive decryption attacks. CERT recommends revoking the certificate using Windows Certificate Manager (certmgr.msc).
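To check a machine for both certificates named above without clicking through certmgr.msc, the following read-only PowerShell sketch lists any matches and shows whether the signing key is present. It is an added example, not Dell's or CERT's tooling and not part of the original post; the function name and the list of stores scanned are assumptions.

```powershell
# Added example: read-only check for the two certificates named in the article.
# It reports matches only; removal or revocation should follow Dell's and CERT's guidance.

# Certificate names come from the article.
$names = 'eDellRoot', 'DSDTestProvider'

# Assumption: trusted-root and personal stores for both the machine and the current user.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\My',
          'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\My'

# Hypothetical helper name, chosen for this example.
function Find-DellTestCertificate {
    param(
        [string[]]$Name,
        [string[]]$Store
    )
    foreach ($path in $Store) {
        if (-not (Test-Path -Path $path)) { continue }
        Get-ChildItem -Path $path | Where-Object {
            $cert = $_
            # Match the certificate itself (Subject) or anything it issued (Issuer).
            $Name | Where-Object {
                $cert.Subject -like "*CN=$_*" -or $cert.Issuer -like "*CN=$_*"
            }
        } | ForEach-Object {
            [pscustomobject]@{
                Store         = $path
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # True means the signing key is stored on this machine.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
    }
}

$hits = @(Find-DellTestCertificate -Name $names -Store $stores)

if ($hits.Count -eq 0) {
    Write-Output 'No eDellRoot or DSDTestProvider certificate found in the scanned stores.'
} else {
    $hits | Format-Table -AutoSize Store, Subject, Thumbprint, NotAfter, HasPrivateKey
    Write-Warning "$($hits.Count) matching certificate(s) found. Follow Dell's removal instructions."
}
```

Run it from an elevated prompt so the machine stores can be read in full. A match that reappears after removal suggests the component that re-installs the certificate is still present.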
Answering eDellRoot Certification Questions | Direct2Dell Official Dell Corporate Blog via The Verge and Ars Technica