
Dell security error widens as researchers dig deeper

Jeremy Kirk | Nov. 24, 2015
Duo Security researchers found a second weak digital certificate on a new Dell Inspiron laptop.

Dell officials did not have an immediate comment on that update, saying the company would post instructions for how to fix eDellRoot later on Monday on this page.

It's unknown how many computers may be affected. But the advisory listed models that use DFS, which include Dell's XPS, Inspiron, Vostro, and Precision laptops and the OptiPlex and Precision Tower desktop models.

Duo Security's report said just removing eDellRoot from the Windows certificate stores isn't enough, as it will be reinstalled. The eDell plugin must be dumped, which can be done by eliminating a module called "Dell.Foundation.Agent.Plugins.eDell.dll."
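The check described above can be scripted. The following PowerShell audit is an added example, not code from Duo Security or Dell: it looks for both the certificate and the plugin module and reports the case where only the certificate has been removed. It assumes the certificate's subject contains "eDellRoot" and that the module sits somewhere under the standard program directories; the article gives neither the thumbprint nor the install path.

```powershell
# Added example: audit a Windows host for eDellRoot and the eDell plugin module.
# The two names come from the article; the search roots are assumptions.
$certName    = 'eDellRoot'
$pluginName  = 'Dell.Foundation.Agent.Plugins.eDell.dll'
$searchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData) |
    Where-Object { $_ -and (Test-Path $_) }

function Find-NamedCertificate {
    param([string]$Name)
    # Walk every certificate store under CurrentUser and LocalMachine.
    Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $_.Subject -like "*CN=$Name*"
        } |
        Select-Object PSParentPath, Subject, Thumbprint, NotAfter
}

function Find-PluginModule {
    param([string[]]$Roots, [string]$FileName)
    # Recursive file search; unreadable directories are skipped silently.
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Filter $FileName -File -Recurse -ErrorAction SilentlyContinue |
            Select-Object FullName, LastWriteTime
    }
}

$certs   = @(Find-NamedCertificate -Name $certName)
$modules = @(Find-PluginModule -Roots $searchRoots -FileName $pluginName)

$certs   | Format-List
$modules | Format-List

if ($modules.Count -gt 0 -and $certs.Count -eq 0) {
    # The state the report warns about: certificate gone, reinstaller still present.
    Write-Warning "$pluginName is present but $certName is not: the certificate will be reinstalled."
} elseif ($modules.Count -gt 0) {
    Write-Warning "$certName and $pluginName are both present: remove the module, then the certificate."
} elseif ($certs.Count -gt 0) {
    Write-Warning "$certName is present; no plugin module found under the searched roots."
} else {
    Write-Output "Neither $certName nor $pluginName was found."
}
```

Run it from an elevated prompt so the LocalMachine stores and protected directories are readable; a clean result only covers the directories searched.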

The company also found another problem on the Dell laptop it bought. It found a digital certificate that was used to sign some Bluetooth management software on the Dell computer. The company was able to crack its password in about six hours.

The certificate expired on March 13, 2013, but Manzuik said that "our research shows that there was a period of about 11 days where it was a valid certificate meaning that it could be easily used, for example, to sign malware."

The certificate came from Atheros Communications, a company that was acquired by Qualcomm in 2011.

 
