A recently uncovered security vulnerability in new Dell PCs leaves users’ communications potentially open to interception or corruption.–PC Pitstop.
Huge Security Hole Found in New Dell PCs
by Jim Hillier for Daves Computer Tips
Following close on the heels of the Lenovo “Superfish” debacle comes news of yet another major manufacturer embroiled in similar security controversy, this time it’s the US-based Dell.
As part of an enhanced support tool, Dell installed a self-signed root certificate (eDellRoot) and corresponding private key on its computers, apparently blissfully unaware that this exposes users’ encrypted communications to potential spying. Even more surprising is that the company did this with full knowledge of Lenovo’s very similar security blunder which came to light earlier this year.
In Lenovo’s case the goal was ad injection whereas Dell asserts that it was only trying to streamline remote support. Regardless of intention, this silly blunder creates a gaping security hole for those affected.
At this stage it remains unclear as to exactly what models may be affected. However, Dell PC owners can check for the vulnerability here: https://edell.tlsfun.de/
Dell’s Response
