Owners of new Dell laptops are being warned that their systems could be prone to serious security risks, thanks to SSL certificates that make them vulnerable to hackers.
The problem, discovered by various security experts on new models of Dell laptops, is that SSL certificates found on Dell machines, including a trusted eDellRoot root certificate, allow hackers to steal sensitive information including bank passwords, emails, etc.
While the self-signed root digital certificate, eDellRoot, is meant to encrypt data traffic, it was installed together with its associated private key, which is considered a major security flaw.
A report published by Duo Security said its research indicates that Dell is intentionally shipping identical private keys in other models, which enables an attacker to get into Dell users' web browsing traffic and manipulate it to deliver malware.
“If a user was using their Dell laptop at a coffee shop, an attacker sitting on the shop’s wi-fi network could potentially sniff all of their TLS encrypted traffic, including sensitive data like bank passwords, emails, etc,” the statement added.
The attacker, it said, could also manipulate the user’s traffic, e.g., sending malware in response to requests to download legit software or install automatic updates, and make it all appear to be signed by a trusted developer.
Dell has meanwhile admitted to the flaw and said it unintentionally introduced a security vulnerability through the certificate, which was actually intended to provide the system service tag to Dell online support.
In its statement, Dell said it is also providing instructions to its customers about how the certificate can be permanently removed.
It also said that a new software update on November 24 will check for the certificate, and if detected will remove it.
“The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system… The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process,” it added.
If you happen to own a Dell laptop, here’s how you can find out if your laptop is indeed affected:
1 Click Start
2 Type "certmgr.msc" and
3 Accept on UAC prompt
4 Go to Trusted Root Certification Authorities
5 Click on Certificates
6 Check if you have an entry with the name "eDellRoot"
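The same check can be run from PowerShell. This is an added example, not part of the original article or of Dell's instructions: it looks in the machine and user trusted root stores for a certificate whose name contains eDellRoot, and also reports whether a private key is stored with it, which is the flaw described above. The function name Find-RootCertByName and the name-matching rule are assumptions made for this example.

```powershell
# Added example: find a trusted root named eDellRoot and report whether
# its private key is present on this machine.
function Find-RootCertByName {
    param(
        [string]$Name = 'eDellRoot',   # certificate name given in the article
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($store in $Stores) {
        if (-not (Test-Path $store)) { continue }
        # Assumption: the name appears in the subject or the friendly name.
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*$Name*" -or $_.FriendlyName -like "*$Name*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    HasPrivateKey = $_.HasPrivateKey   # a CA entry normally holds only the public cert
                    NotAfter      = $_.NotAfter
                }
            }
    }
}

$found = @(Find-RootCertByName)
if ($found.Count -eq 0) {
    Write-Output 'No eDellRoot entry found in the trusted root stores.'
} else {
    $found | Format-List
    if ($found.HasPrivateKey -contains $true) {
        Write-Warning 'A trusted root certificate is stored together with its private key.'
    }
}
```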
If your PC happens to include the certificate, click here for instructions on how you can remove it