Dell Ships Devices with Flawed Root CA Certificate Installed

November 23, 2015—Dell recently acknowledged that it shipped devices with a root CA certificate (eDellRoot) installed, which exposes users to “unintentional” security vulnerability. According to their official announcement, the certificate was installed by their Dell Foundation Services application as part of a support tool intended to help customers get faster and easier service.

Dell customers discovered this flaw and found that attackers can use this certificate to silently decrypt encrypted web browser traffic. Also worrying is the fact that when one tries to uninstall it, the file automatically reinstalls itself during or after the next reboot.

Dell has responded to the security concerns with instructions on how to permanently remove the certificate. They will also push an update starting on November 24 that will check for the certificate and remove it if detected.

The US computer company has yet to release a list of affected devices.

Comments are closed.