Dell details how you can remove its own security backdoor (updated)

Posted on Tuesday, Nov 24 2015 @ 16:51 CET by Thomas De Maesschalck
Dell logo
UPDATE: November 26, 2015: Turns out eDellRoot wasn't the only certificate from Dell, there's also DSDTestProvider. Fortunately, Microsoft added both certificates to the malware definitions of its Windows Defender software, meaning they'll be automatically disabled on a lot of Windows computers.




OLD post:

Dell has published a guide detailing how you can remove the eDellroot certificate. The PC maker claims it preinstalled this CA certificate on PCs to provide a better, faster and easier customer support experience. Unfortunately, the certificate poses a big security threat and could be used by attackers to steal personal information. Dell says it will push out a software update starting on November 24 that will check for the certificate, and if detected remove it.
The self-signed certificate is bundled with its private key, which is a boon for man-in-the-middle attackers: for example, if an affected Dell connects to a malicious Wi-Fi hotspot, whoever runs that hotspot can use Dell's cert and key to silently decrypt the victims' web traffic. This would reveal their usernames, passwords, session cookies and other sensitive details, when shopping or banking online, or connecting to any other HTTPS-protected website.

Stunningly, the certificate cannot be simply removed: a .DLL plugin included with the root certificate reinstalls the file if it is deleted. One has to delete the .DLL – Dell.Foundation.Agent.Plugins.eDell.dll – as well as the eDellRoot certificate.
Source: The Register


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments