Advertisement

Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now
Monday 5 June 2023 Dublin: 18°C
Isaac Brekken/Press Association Images
# slip up
Dell apologises for shipping a built-in security flaw with its latest laptops
The company has provided a removal tool and instructions, saying the certificate wasn’t adware or malware.
9.4k
11
Nov 24th 2015, 10:51 AM

DELL HAS APOLOGISED for shipping PCs with a vulnerability and has issued a software tool to remove the problem.

The issue comes from an SSL certificate that would allow attackers to impersonate a HTTPS site and carry out man-in-the-middle attacks against users. Dell explained the certificate, called eDellRoot, wasn’t adware or malware, but a support tool designed to make it easier to service their systems.

We deeply regret that this has happened”, it said in a post. ”The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers”.

This certificate is not being used to collect personal computer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.

As well as providing instructions for permanently removing the certificate, and an uninstaller app, Dell will also push a software update later today that will check for the certificate and remove it if detected. It also said that it will be removed from all Dell systems in future.

If you bought a Dell PC recently and want to check yourself, you can do so by opening search and typing in ‘mmc’ or ‘certmgr.msc’ to open the certificate manager. When it does, click on Trusted Root Certification Authorities > Certificates and search for the eDellRoot certificate.

When you find it, select it and remove it by clicking the red x in the toolbar.

The issue first came to light over the weekend after a number of security researchers and groups expressed concern over the certificate.

Earlier this year, Lenovo was caught with a similar security flaw. The Superfish was installed by the company as a way of serving up extra ads, but security flaws meant any attacker could carry out man-in-the-middle attacks, allowing them to interpret messages like passwords, financial details and personal information.

Read: A Minority Report-style interface for your devices isn’t sci-fi but a real possibility >

Read: The Samsung S6 Edge won plaudits, but does a bigger version bring anything new? >

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

Support us Learn More

Author
Quinton O'Reilly
quinton@thejournal.ie
@qoreilly
Send Tip or Correction
Read Next
More Stories
Related Tags
Your Voice
Readers Comments
11