Dell Press Conference To Introduce The Venue Tablet Line And New XPS Laptops (Photo : Getty Images)
A major security vulnerability which also was similar to the Superfish found on Lenovo computers was discovered by a Redditor, named Rotorcowboy, on his brand new Dell XPS 15 laptop.
The Inquirer reports that he found eDellRoot, a self-signed root CA, was pre-loaded with the laptop. It also had a private key that was marked as non-exportable. But a raw copy of the private key could be sourced using several tools such as the Jailbreak tool from NCC Group.
The Redditor posts, "After briefly discussing this with someone else who had discovered this too, we determined that they are shipping every laptop they distribute with the exact same root certificate and private key, very similar to what Superfish did on Lenovo computers."
In a statement, the hardware maker said that computer security and privacy is a top concern for Dell. It claims to have a strict policy of minimizing the number of pre-loaded applications and assessing all applications for its security and usability. The firm boasts of an extensive end-user security practice that develop capabilities and best practices to ensure protection of its clients.
Dell said it is investigating the matter and promised to update media and its customers of the result of its probe.
Rotorcowboy criticized Dell because the computer manufacturing giant was aware of the bad press that Lenovo got for Superfish, a rogue root CA that injects adverts into web pages. However, he points out that the eDellRoot is not a third-party application placed surreptitiously but Dell's own bloatware.
On Tuesday, The Verge reported that Dell posted instructions how to permanently remove eDellRoot from affected system. The company will also publish a software update to automatically check for the certificate and remove it.
Dell said that the certificate was placed not to collect personal customer information, rather "It was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model. The certificate was pre-installed in Inspiron 5000, XPS 15 and XPS 13 laptops.
