Dell Ships Its New PCs With A Glaring Security Flaw

PC vendors more often than not ship their pre-built desktops and laptops with pre-installed software to provide a better overall service for the people, and in the process edge out the competition. However, after Lenovo's recent Superfish exploit, security researchers have become more wary and people are doubting pre-installed software. Now, Dell seems to follow the curve as reports say that the PC vendor is offering some PCs with a rogue piece of software that could be equal to Lenovo's Superfish.

According to reports, computer buyers who have settled with Dell's new PCs such as the latest Dell XPS 15 have found out about a new self-signed security certificate that is the same on every PCs. Should intruders manage to get a hold of a raw copy of the self-signed security certificate's private key, they will have a much easier way to attack every PC that ships with the code.

"I got a shiny new XPS 15 laptop from Dell, and while attempting to troubleshoot a problem, I discovered that it came pre-loaded with a self-signed root CA by the name of eDellRoot. With it came its private key, marked as non-exportable. However, it is still possible to obtain a raw copy of the private key by using several tools available (I used NCC Group's Jailbreak tool)," reads a Reddit post by a user who goes by Rotorcowboy.

Rotorcowboy afterwards briefly discussed it with someone who had discovered the same issue, and had determined that Dell is shipping its laptops that they distribute with the very same root certificate and private key, which appears somewhat similar with how Superfish worked on Lenovo's computers.

For users who are doubting if their Dell machine might be plagued by this issue, ExtremeTech has posted a way to check. Should a Dell PC be able to connect to the link they provided using Google Chrome or Internet Explorer, then it has the eDellRoot problem.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Tags Dell

More from iTechPost

Real Time Analytics