Dell Ships PCs With Massive Security Risk
Dell has confirmed it shipped computers with a major built-in security flaw. The unintentional move could expose users to a significant risk of hackers accessing their personal data.
The issue at hand is a flaw affecting the secure sockets layer (SSL). Specifically, Dell has inadvertently shipped PCs and laptops with both a trusted root certificate and its private key, when only the trusted certificate should have been included.
The idea behind the certificate was to help identify Dell computers when they connected to Dell's online support service. The computer's model number could then be checked, and the support system would provide tailored advice and run automated fixes.
In addition to enabling tailored support, however, the flaw has now made it possible for hackers to eavesdrop on all SSL connections made to secure websites (including online banking, for example).
Hackers Could Pose as Any Legitimate Website
In order for the attack to work, a hacker would need to be on the same network as the victim - most likely through a public WiFi hotspot. Once a connection is made, the hacker could then sniff data the user was sending to any secure website (due to both the private key and root certificate being available).
The result is a recipe for an attack that would be challenging to pull off, but extremely devastating. For example, any user with an exploited machine could have any of the following sniffed: banking details, user names and passwords, social security numbers, credit card information, and the like.
An attacker intercepting the connection could read all data sent to and from an affected computer in unencrypted form, but the victim would never know the connection was compromised. Furthermore, the web browser would still list the connection as secure when the opposite is true.
It would also be possible for hackers to generate bogus web certificates and redirect users to malicious websites in order to phish for sensitive information.
The only way to know if something is amiss is for users to view the SSL certificate in the web browser for each SSL connection made, and then manually validate that the site they are connected to matches the web and IP address of the certificate.
How to Remove Rogue 'eDell Root' Certificate Exploit
Dell has published details of how to remove the certificate on its website. It will also be sending out an automatic update to permanently remove the certificate in the coming days. (Source: dell.com)
Exactly which models are affected isn't confirmed by Dell yet, but one report lists the Inspiron 3647, Inspiron 5000, Inspiron 5547, Latitude E7450, Precision M4800 and XPS 15. There's also an independently run website at tlsfun.de which will check for the presence of the rogue certificate. (Source: grahamcluley.com)
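A read-only local check for the condition described above, as an added example that is not from Dell or the original article: it lists certificates in the Windows trusted root stores whose subject matches the name used in this article, or that have a private key stored alongside them. The name pattern and the choice of stores are assumptions.

```powershell
# Added example (not Dell's tool): audit the trusted root stores for
# (a) a certificate whose subject matches the name used in this article, and
# (b) any trusted root that has its private key present on this machine,
#     which is the underlying defect the article describes.
# Read-only: nothing is removed or modified.

# Assumption: the machine-wide and per-user root stores are the ones to check.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# Assumption: matches 'eDell Root' as written in this article, with or
# without the space, case-insensitively.
$namePattern = 'eDell\s*Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
        $nameHit = $_.Subject -match $namePattern
        if ($nameHit -or $_.HasPrivateKey) {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey
                NameMatch     = $nameHit
            }
        }
    }
}

if ($findings) {
    # Each entry needs review: a trusted root whose private key sits on the
    # same machine can be used to sign certificates that machine will trust.
    $findings | Sort-Object Store, Subject | Format-List
} else {
    'No trusted root matched the name pattern or had a private key present.'
}
```

A root with HasPrivateKey set is not always rogue, since some locally installed tools create one on purpose, so each hit should be reviewed rather than deleted automatically.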
A similar security risk came to light with Lenovo systems in February of this year. In that case, Lenovo notebook computers contained unwanted adware called Superfish. The adware not only had the potential to spy on users, but could also alter web pages using an exploit similar to the one described in this article.
What's Your Opinion?
Do you have one of the affected models? Had you heard anything from Dell before reading this article? Has Dell done enough to explain how the problem occurred and reassure customers it will never happen again?
Comments
A major exploit and a massive security risk
This is probably the worst of the worst exploits you can have, and would go completely unnoticed as it would not be detected through antivirus or antimalware software. If you own a Dell, please visit the tlsfun.de site to see if your system is exploitable. If it is, remove the root security certificate immediately (visit Dell's site to read how). Both links are in the above article.