Dell admits to security flaw on shipped laptops


A gap in security which could be exploited by hackers to acquire users’ data has been found in Dell computers, the computer company has admitted.

The “profound security flaw” could potentially allow access to bank details and personal data, the BBC reports.

The flaw was first uncovered by Reddit user /u/rotorcowboy, who uncovered a self-signed root certificate authority, called “eDellRoot” in his laptop, and the key which is associated with it. It is this piece of software in the heart of the laptop which can make it vulnerable.

According to /u/rotorcowboy, Dell “are shipping every laptop they distribute with the exact same root certificate and private key, very similar to what Superfish did on Lenovo computers. For those that aren’t familiar, this is a major security vulnerability that endangers all recent Dell customers.”

Dell have since acknowledged this, releasing a statement discussing the security flaw, and shared a link to information which would help users to uninstall the software from their computer and remove the security threat.

The statement said “Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.

“The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.”