Posted on Tuesday, November 24 2015 @ 16:51 CET by Thomas De Maesschalck
OLD post:
Dell has published a guide detailing how you can remove the eDellroot certificate. The PC maker claims it preinstalled this CA certificate on PCs to provide a better, faster and easier customer support experience. Unfortunately, the certificate poses a big security threat and could be used by attackers to steal personal information. Dell says it will push out a software update starting on November 24 that will check for the certificate, and if detected remove it.
The self-signed certificate is bundled with its private key, which is a boon for man-in-the-middle attackers: for example, if an affected Dell connects to a malicious Wi-Fi hotspot, whoever runs that hotspot can use Dell's cert and key to silently decrypt the victims' web traffic. This would reveal their usernames, passwords, session cookies and other sensitive details, when shopping or banking online, or connecting to any other HTTPS-protected website.Source: The Register
Stunningly, the certificate cannot be simply removed: a .DLL plugin included with the root certificate reinstalls the file if it is deleted. One has to delete the .DLL – Dell.Foundation.Agent.Plugins.eDell.dll – as well as the eDellRoot certificate.
