Isaac Brekken/Press Association Images

Dell apologises for shipping a built-in security flaw with its latest laptops

The company has provided a removal tool and instructions, saying the certificate wasn’t adware or malware.

DELL HAS APOLOGISED for shipping PCs with a vulnerability and has issued a software tool to remove the problem.

The issue comes from an SSL certificate that would allow attackers to impersonate an HTTPS site and carry out man-in-the-middle attacks against users. Dell explained that the certificate, called eDellRoot, wasn’t adware or malware, but a support tool designed to make it easier to service its systems.

“We deeply regret that this has happened”, it said in a post. “The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers”.

This certificate is not being used to collect personal computer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.

As well as providing instructions for permanently removing the certificate, and an uninstaller app, Dell will also push a software update later today that will check for the certificate and remove it if detected. It also said that it will be removed from all Dell systems in future.

If you bought a Dell PC recently and want to check for yourself, open search and type in ‘mmc’ or ‘certmgr.msc’ to open the certificate manager. When it opens, click on Trusted Root Certification Authorities > Certificates and look for the eDellRoot certificate.

When you find it, select it and remove it by clicking the red x in the toolbar.

The issue first came to light over the weekend after a number of security researchers and groups expressed concern over the certificate.

Earlier this year, Lenovo was caught with a similar security flaw. Superfish was installed by the company as a way of serving up extra ads, but security flaws meant any attacker could carry out man-in-the-middle attacks, allowing them to intercept messages like passwords, financial details and personal information.

Author
Quinton O'Reilly