
What you need to know about Dell's root certificate security debacle

Lucian Constantin | Nov. 25, 2015
The full scope of the incident is still unclear, but there's a removal tool available.

It's not just laptops

Initial reports were about finding the eDellRoot certificate on various Dell laptop models. However, the certificate is actually installed by the Dell Foundation Services (DFS) application which, according to its release notes, is available on laptops, desktops, all-in-ones, two-in-ones, and towers from various Dell product lines, including XPS, OptiPlex, Inspiron, Vostro and Precision Tower.

Dell said Monday that it began loading the current version of this tool on "consumer and commercial devices" in August. This may refer both to devices sold since August and to devices sold earlier that later received an updated version of the DFS tool. The certificate has been found on at least one older machine: a Dell Venue Pro 11 tablet dating from April.

More than one certificate

Researchers from security firm Duo Security found a second eDellRoot certificate with a different fingerprint on 24 systems scattered around the world. Most surprisingly, one of those systems appears to be part of a SCADA (Supervisory Control and Data Acquisition) set-up, like those used to control industrial processes.

Other users also reported the presence of another certificate called DSDTestProvider on some Dell computers. Some people have speculated that this is related to the Dell System Detect utility, although this is not yet confirmed.

There's a removal tool available

Dell released a removal tool and also published manual removal instructions for the eDellRoot certificate. However, the instructions might prove too difficult for a user with no technical knowledge to follow. The company also pushed a software update yesterday that will search for the certificate and remove it from systems automatically.
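As an added check that is not Dell's removal tool or any Dell code, the following PowerShell (run from an elevated prompt) lists trusted-root entries whose subject matches the names reported in this article and, more generally, any self-signed root for which the machine also holds the private key, which is the property that made eDellRoot exploitable. Matching by subject name is an assumption, since the article gives no thumbprints; the script only reports and does not remove anything.

```powershell
# Added detection example, not Dell's tool. Names below are the ones reported in the
# article; no thumbprints are available here, so matching is by subject name only.
$suspectNames = @('eDellRoot', 'DSDTestProvider')
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

function Find-SuspectRoots {
    param([string[]]$Names, [string[]]$StorePaths)
    foreach ($path in $StorePaths) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue | ForEach-Object {
            $cert = $_
            $nameMatch = $Names | Where-Object { $cert.Subject -like "*CN=$_*" }
            # A self-signed certificate is normal in a Root store; a root whose private
            # key is also present on this machine is not, whatever it is called.
            $selfSigned = $cert.Subject -eq $cert.Issuer
            $keyPresent = $selfSigned -and $cert.HasPrivateKey
            if ($nameMatch -or $keyPresent) {
                $reason = if ($nameMatch) { 'name match' } else { 'private key present' }
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey
                    Reason        = $reason
                }
            }
        }
    }
}

# Print every hit; an empty table means neither condition was found in either store.
Find-SuspectRoots -Names $suspectNames -StorePaths $stores | Format-Table -AutoSize
```

Any hit flagged "private key present" deserves a manual look even if it is not eDellRoot, since a trusted root with a locally held key lets whoever holds that key sign certificates the machine will accept.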

Corporate users are high-value targets

Roaming corporate users, especially traveling executives, could be the most attractive targets for man-in-the-middle attackers exploiting this flaw, because they likely have valuable information on their computers.

"If I were a black-hat hacker, I'd immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone's encrypted communications," said Robert Graham, the CEO of security firm Errata Security, in a blog post.

As a matter of course, companies should deploy their own, clean and pre-configured Windows images on the laptops they buy. They should also make sure that their roaming employees are always connecting back to corporate offices over secure virtual private networks (VPNs).

It's not just Dell computer owners who should care

The implications of this security hole reach beyond just owners of Dell systems. In addition to stealing information, including log-in credentials, from encrypted traffic, man-in-the-middle attackers can also modify that traffic on the fly. This means someone receiving an email from an affected Dell computer or a website receiving a request on behalf of a Dell user can't be sure of its authenticity.
