Kudos2 Stats

Some Dell Computers Found Vulnerable to Man-in-the-middle Attacks Due to Root Certificate Vulnerability

It has been recently discovered that some Dell computers are vulnerable to man-in-the-middle attacks because of an issue with a root certification authority. Root certificates help your web browser verify that websites you visit are legitimate and are who they say they are.  Your web browser comes prepopulated with a number of root certificates from globally-trusted certification authorities such as Symantec, but additional root certificates can added by hardware or software manufacturers.

Dell installs one of these certificates, eDellRoot, on a number of their computers, along with the private decryption key. As a result, this vulnerability can leave computers open to man-in-the-middle attacks. A man-in-the-middle attack (MITM) is akin to eavesdropping. Data being sent from computer A to computer B (server/website) becomes accessible and an attacker can get in-between and intercept these transmissions.

In addition to man-in-the-middle attacks, the eDellRoot certificate authority and private key can also allow attackers to make malware look as if it were coming from a legitimate company, but it will only look legitimate to computers with eDellRoot installed.

Symantec tested Dell computers and found that the eDellRoot certificate authority was present on the following models:

  • Inspiron 7000 (laptop and desktop)
  • Dell Orchid Touch
  • Dell t4034

Dell addressed the issue and provided removal instructions to correct the problem. Dell will be issuing a software update in the future to check for the certificate and remove it.