Dell Confirms And Apologizes For eDellRoot Certificate Vulnerability, Offers Speedy Fix

Yesterday, we brought you the rather unfortunate news that a few models of new Dell laptops were shipping with eDellRoot, a self-signed root certificate that had its private key stored directly on the affected systems. Needless to say, this represents a rather serious security risk for customers, and is reminiscent of the Superfish debacle that plagued Lenovo earlier this year.

For its part, Dell stated yesterday “that security and privacy is a top concern” for the company and that it had a “team investigating the current situation.” Thankfully for customers, Dell responded quickly and has given us a rundown on what exactly happened. And amazingly, reddit user crusoe was right on target with his hypothesis on what transpired.

“The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system,” said Dell’s Laura Thomas in a corporate blog. “We deeply regret that this has happened and are taking steps to address it.”

Thomas goes on to state that unlike with Superfish, eDellCert had nothing to do with adware and it definitely wasn’t intended as malware. Instead, eDellCert was simply tasked with providing a system’s service tag to online support representatives in the event that a customer needed after-purchase assistance.

Dell says that eDellCert was intended to “[make] it easier and faster to service our customer,” but it appears that its developers also played a little too fast and loose, which is why the company finds itself in this current predicament.

If you simply want the eDellCert off your computer as soon as possible, you can remove it on your own using these Dell-provided instructions [PDF]. If you prefer, Dell will be pushing out a software update today that will remove the certificate automatically for you if it is detected on your system.


Via:  Dell