Tuesday, November 24, 2015

Dell confirms security hole – find out whether your machine is affected – ITavisen.no

Creepy discovery.

After Lenovo's Superfish blunder in February, it seems that Dell has done something similar.

Updated, 2:31:

Dell confirms to Reuters that there is a security hole in newly sold machines, but will not say how many people are affected or which models it applies to.

“This is related to a preinstalled certificate intended to provide a better, faster and easier customer support experience. Unfortunately, the certificate introduced an unintended vulnerability.”

According to the same Dell press contact, the software is said to have been installed in August. The company gives assurances that future machines will not contain the flaw, and that it will explain to affected customers how to remove the certificate permanently.

Updated 00:04:

People who first remove “Dell Foundation Services” (read more about the Dell-supplied software) and then delete the certificate afterwards can probably get rid of it by deleting it in certmgr.msc, as explained in this article.

An update to the Dell program in question was uploaded on November 22, but it is uncertain whether it quietly fixes the certificate error.

Updated, 11:47 p.m.:

According to Reddit, the root certificate is installed after Dell's own updates have been installed on a new machine.

The Register confirms that the certificate is automatically reinstalled after deletion and a restart. A sysadmin at a smaller company also confirms the problem.

From a Dell product page:

Potential crisis for Dell
A certificate named “eDellRoot” comes as part of the standard package on new Dell computers. But what is really so dangerous about this?

The problem is that an attacker can use the same certificate to sign forged certificates and deploy them on malicious websites.

Snaps up info
That way, the owner of the machine can in theory get unsolicited visits from hackers who can intercept sensitive information. It has not been shown that the certificate makes it possible to execute code on the victim's machine.

On Twitter, Dell confirms that it is investigating what has happened.

Dell mentioned in connection with NSA snooping in 2013
Is the certificate used for NSA snooping? We do not know, but in December 2013 we were able to report:

The NSA spies not only by obtaining access to social media and network cabling. It also installs spyware on new PCs. According to the report that Spiegel obtained via the whistleblower Edward Snowden, the intelligence agency, in cooperation with the CIA and FBI, installs spyware on machines before they reach customers.

This happens in secret “workshops” where agents from the NSA group called TAO (Tailored Access Operations) install the spyware. According to the report, this is possible because NSA agents have gained access to products from a large number of players in the market.

Among the companies mentioned are Cisco, Juniper Networks, Dell, Seagate, Western Digital, Maxtor, Samsung, and Huawei.

Read also: NSA said they had stopped the storage of e-mail data in 2011.

Are you affected?
To find out if your Dell computer has the dangerous certificate:

  1. Press Windows + R and type certmgr.msc
  2. Find “Trusted Root Certification Authorities” -> “Certificates”
  3. If “eDellRoot” is on this list, the machine is potentially insecure

It is possible to delete the certificate, but it will supposedly come back automatically after a reboot.

Removing it probably requires a complete reinstallation of the machine, but we expect a tool will come from Dell if this proves to be a problem.
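The manual certmgr.msc check above can also be scripted. The following PowerShell is an added example, not from the original article or from Dell; it matches on the name “eDellRoot” given in the article (no thumbprint is published here, so none is assumed), and the function name Get-RootCertReport is hypothetical.

```powershell
# Added example: report any trusted root certificate whose name matches "eDellRoot".
# Assumption: the certificate is identified only by the name given in the article.
$Name   = 'eDellRoot'
# certmgr.msc shows the current user's view; the machine-wide store is checked as well.
$Stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

function Get-RootCertReport {
    param(
        [string[]]$StorePath,
        [string]$NameMatch
    )
    foreach ($store in $StorePath) {
        if (-not (Test-Path -Path $store)) { continue }
        Get-ChildItem -Path $store |
            Where-Object {
                $_.Subject -like "*$NameMatch*" -or $_.FriendlyName -like "*$NameMatch*"
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotBefore     = $_.NotBefore
                    NotAfter      = $_.NotAfter
                    # True means the signing key itself is stored on this machine,
                    # which is not normal for a trusted root CA entry.
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$found = @(Get-RootCertReport -StorePath $Stores -NameMatch $Name)

if ($found.Count -eq 0) {
    Write-Output "No trusted root matching '$Name' found in: $($Stores -join ', ')"
} else {
    $found | Format-List
    Write-Warning "'$Name' is installed as a trusted root; this machine is potentially insecure."
}
```

Because the certificate reportedly returns after deletion and a reboot, run the script again after restarting to confirm whether a removal actually held.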

ITavisen follows developments in this case closely.

Sources:
Reddit
Joe Nord
