Superfish reloaded: eDellRoot certificate punching a huge security hole in your new Dell computer
If you have recently bought a new Dell computer, it could come with a very dangerous security flaw. The flaw means that malicious websites or software could be automatically trusted by Dell’s security software. It also means you are vulnerable, when using public Wi-Fi networks, to so-called “man-in-the-middle” attacks.
Dell has acknowledged that a self-signed root certificate called eDellRoot, pre-installed on its new PCs, introduces the security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for its customers to service their system. However, being a “self-signed” certificate, eDellRoot enables attackers to intercept traffic between an affected Dell laptop and any HTTPS-enabled website. The hacker can then act as a proxy between the laptop and the website by re-encrypting the traffic with a rogue certificate that’s signed with the eDellRoot private key.
It’s not yet clear how many models are affected, although users have reported finding it on Dell XPS 15 and XPS 13 models, as well as a Latitude and an Inspiron 5000 series model.
Dell is now providing customers with removal instructions and says it will not add it to new devices going forward. The removal instructions can be downloaded here.
Dell fishing for trouble with this latest security flaw
It is an extremely embarrassing situation for the company, which publicly criticised its competitor Lenovo in February this year when Lenovo pre-installed a program called Superfish that included a self-signed root certificate.
As one Dell XPS 15 laptop user says, “To add insult to injury, it’s not even apparent what purpose the certificate serves. At least with Superfish we knew that their rogue root CA was needed to inject ads into your web pages; the reason Dell’s is there is unclear.”
If you have recently bought a Dell computer and want to see if you are affected by this, go to Start -> type “certmgr.msc” -> (accept on UAC prompt) -> Trusted Root Certification Authorities -> Certificates and check if you have an entry with the name “eDellRoot”.
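The same check from PowerShell, as an added example that is not part of the original article: it searches the machine and user Trusted Root stores for a certificate whose subject contains eDellRoot and reports whether a private key is stored with it. The function name Find-RootCertByName is hypothetical; the store paths are the standard PowerShell certificate provider paths.

```powershell
# Added example (not from the article): look for the eDellRoot certificate
# in the Trusted Root Certification Authorities stores shown by certmgr.msc.
$name   = 'eDellRoot'   # certificate name given in the article
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# Hypothetical helper: returns one object per matching certificate.
function Find-RootCertByName {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string[]] $StorePath
    )
    foreach ($path in $StorePath) {
        # Skip a store that does not exist for this user or machine.
        if (-not (Test-Path -Path $path)) { continue }
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -like "*$Name*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # A root certificate normally has Subject equal to Issuer.
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    # True when the signing key is stored on this machine too.
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$hits = @(Find-RootCertByName -Name $name -StorePath $stores)
if ($hits.Count -eq 0) {
    Write-Output "No certificate named '$name' found in the Trusted Root stores."
} else {
    $hits | Format-List
    Write-Warning "'$name' is trusted as a root CA here; follow Dell's removal instructions."
}
```

The script only reads the stores and changes nothing; a match in either store means the machine trusts certificates signed by eDellRoot.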