
Dell apologises for shipping a built-in security flaw with its latest laptops

The company has provided a removal tool and instructions, saying the certificate wasn’t adware or malware.

Image: Isaac Brekken/Press Association Images

DELL HAS APOLOGISED for shipping PCs with a vulnerability and has issued a software tool to remove the problem.

The issue comes from an SSL certificate that would allow attackers to impersonate a HTTPS site and carry out man-in-the-middle attacks against users. Dell explained the certificate, called eDellRoot, wasn’t adware or malware, but a support tool designed to make it easier to service their systems.

“We deeply regret that this has happened,” it said in a post. “The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers.”

This certificate is not being used to collect personal computer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.

As well as providing instructions for permanently removing the certificate, and an uninstaller app, Dell will also push a software update later today that will check for the certificate and remove it if detected. It also said that it will be removed from all Dell systems in future.

If you bought a Dell PC recently and want to check yourself, you can do so by opening search and typing in ‘mmc’ or ‘certmgr.msc’ to open the certificate manager. When it does, click on Trusted Root Certification Authorities > Certificates and search for the eDellRoot certificate.

When you find it, select it and remove it by clicking the red x in the toolbar.
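The same check can be scripted. The PowerShell below is an added example, not from Dell or the original article: it searches the Trusted Root Certification Authorities stores for a certificate named eDellRoot and only deletes it when asked to. The `-SubjectName` and `-Remove` parameters are names chosen for this example.

```powershell
# Added example: look for the eDellRoot certificate in the Trusted Root stores.
# Detection runs by default; removal happens only with -Remove (use -WhatIf to preview).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SubjectName = 'eDellRoot',  # certificate name given in the article
    [switch]$Remove                      # hypothetical switch for this example
)

# The CurrentUser view can also list certificates inherited from LocalMachine,
# so the same thumbprint may appear twice in the output.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$pattern = 'CN=' + [regex]::Escape($SubjectName) + '(,|$)'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A trusted root whose private key is also on the machine deserves attention.
                HasPrivateKey = $_.HasPrivateKey
                PSPath        = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output "No '$SubjectName' certificate found in the Trusted Root stores."
    return
}

$found | Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize

if ($Remove) {
    foreach ($cert in $found) {
        # Deleting from LocalMachine\Root requires an elevated PowerShell session.
        if ($PSCmdlet.ShouldProcess("$($cert.Store)\$($cert.Thumbprint)", 'Remove certificate')) {
            Remove-Item -Path $cert.PSPath
        }
    }
}
```

Save it as a `.ps1` file and run it without arguments to check only. Dell's statement ties the certificate not reinstalling itself to its recommended removal process, so treat a hit here as a reason to run Dell's tool or instructions.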

The issue first came to light over the weekend after a number of security researchers and groups expressed concern over the certificate.

Earlier this year, Lenovo was caught with a similar security flaw. The Superfish software was installed by the company as a way of serving up extra ads, but security flaws meant any attacker could carry out man-in-the-middle attacks, allowing them to intercept information such as passwords, financial details and personal information.


About the author:

Quinton O'Reilly
