Dell has admitted that several models of recently shipped computers contain a serious security vulnerability of its own making. The computer giant said it "deeply regrets that this has happened" and that it is "taking steps to address it".
What is the issue?
The problem has been caused by a pre-installed SSL certificate called eDellRoot, described by The Register as an "unkillable zombie", which was set up by default (and by Dell) to be a pretty much all-powerful security key to your laptop.
The idea was to make your machine easier to service. The problem is that an attacker could extract that key, create a forged version and direct your web browsing to any page or service it likes, potentially accessing your emails, passwords and online banking PINs.
The latest scandal comes after a similar issue faced by Lenovo several months ago, in which computers were found to be compromised by adware that intercepted internet connections to inject adverts.
Embarrassingly for Dell, there's even a section of their website in which they address "worries about Superfish". "Dell limits its pre-loaded software to a small number of high-value applications on all of our computers," the page reads. "Each application we pre-load undergoes security, privacy and usability testing to ensure that our customers experience the best possible computing performance, faster set-up and reduced privacy and security concerns."
The latest fault, described by some as 'Superfish 2.0', surfaced after a customer took to Reddit to complain. "While attempting to troubleshoot a problem, I discovered that it came pre-loaded with a self-signed root certificate authority," wrote rotorcowboy.
, very similar to what Superfish did on Lenovo computers. For those that aren't familiar, this is a major security vulnerability that endangers all recent Dell customers".
The certificate was actually intended to "provide the system service tag to Dell online support", which would allow support staff to identify a model to make service quicker and easier.
According to a report at The Register, computers affected are the XPS 15, Latitude E7450, Inspiron 5548, Inspiron 5000, Inspiron 3647, and the Precision M4800. WIRED contacted Dell to find out if any of the compromised computers were shipped to the UK, but have not yet received a response.
How do I know if I'm affected?
According to rotorcowboy, it's fairly easy to find out whether or not you're affected. On a Dell computer, go to Start --> type "certmgr.msc" --> accept on UAC prompt --> Trusted Root Certification Authorities --> Certificates. Once in 'Certificates', you should be able to check for an entry called "eDellRoot".
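The same check can be scripted. The PowerShell below is an added example, not code from Dell, rotorcowboy or the original article; it looks in both the current-user and machine-wide Trusted Root stores and reports whether the certificate's private key is present on the machine. The function name Find-RootCertByName is hypothetical, and matching on the name "eDellRoot" is an assumption taken from the entry name given above.

```powershell
# Added example: look for the eDellRoot certificate named in the article.
# Find-RootCertByName is a hypothetical helper name, not a built-in cmdlet.
function Find-RootCertByName {
    param(
        [string]$Name = 'eDellRoot',
        # Trusted Root stores for the current user and for the whole machine.
        # The current-user view may also list machine-wide entries.
        [string[]]$StorePaths = @('Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root')
    )
    foreach ($path in $StorePaths) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like "*CN=$Name*" -or $_.Issuer -like "*CN=$Name*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # True means the private key is stored on this machine too
                    HasPrivateKey = $_.HasPrivateKey
                    # A root CA is self-signed: subject and issuer are the same
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                }
            }
    }
}

$hits = @(Find-RootCertByName)
if ($hits.Count -eq 0) {
    Write-Output 'No eDellRoot entry found in the Trusted Root stores checked.'
} else {
    # One block per match, with the store it was found in
    $hits | Format-List
}
```

A match with HasPrivateKey set to True means the signing key sits on the laptop alongside the trusted root, which is the condition the article describes as the problem.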
What do I do if my computer is infected?
Because it is an "unkillable zombie", you can't just delete the certificate -- it will return on its own.
So far, though, there are two ways of removing the certificate. The first way is by downloading a patch (available here). But you can also remove the certificate manually -- explained by Dell in a blog post.
Dell are keen to stress that the certificate will not be included on future models.
http://www.theregister.co.uk/2015/11/23/dell_security_nightmare_gets_worse/
This article was originally published by WIRED UK