Some Dell Computers Found Vulnerable to Man-in-the-middle Attacks Due to Root Certificate Vulnerability
It was recently discovered that some Dell computers are vulnerable to man-in-the-middle attacks because of an issue with a root certification authority. Root certificates help your web browser verify that websites you visit are legitimate and are who they say they are. Your web browser comes prepopulated with a number of root certificates from globally-trusted certification authorities such as Symantec, but additional root certificates can be added by hardware or software manufacturers.
Dell installs one of these certificates, eDellRoot, on a number of its computers, along with the private decryption key. Because that private key sits on the machine itself, anyone who obtains it can issue certificates that the affected computers will trust, which leaves those computers open to man-in-the-middle (MITM) attacks. A MITM attack is akin to eavesdropping: an attacker gets in between computer A and computer B (a server or website) and intercepts the data sent between them.
In addition to man-in-the-middle attacks, the eDellRoot certificate authority and private key can also allow attackers to make malware look as if it were coming from a legitimate company, but it will only look legitimate to computers with eDellRoot installed.
Symantec tested Dell computers and found that the eDellRoot certificate authority was present on the following models:
- Inspiron 7000 (laptop and desktop)
- Dell Orchid Touch
- Dell t4034
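
To check a Windows machine for the condition described above, the following PowerShell audit lists trusted root certificates that either carry the eDellRoot name or have their private key stored locally. It is an added example, not code from Symantec or Dell, and it generalizes beyond eDellRoot to any trusted root with a local private key; it assumes the certificate's subject contains the name "eDellRoot" as given in this article.

```powershell
# Added example: audit the Windows trusted-root stores (read-only).
# Assumption: the certificate subject contains the name given in the article.
$watchName = 'eDellRoot'
$stores    = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
        $nameHit = $_.Subject -like "*$watchName*"

        # A trusted root whose private key is also present on this machine
        # is the risky pattern, whatever the certificate is called.
        if ($nameHit -or $_.HasPrivateKey) {
            $reason = 'trusted root with local private key'
            if ($nameHit) { $reason = "subject matches $watchName" }

            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey
                Reason        = $reason
            }
        }
    }
}

if ($findings) {
    # Format-List avoids truncating long subjects and thumbprints.
    $findings | Format-List
} else {
    Write-Output "No trusted root matching '$watchName' or holding a local private key was found."
}
```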