Dell Press Conference To Introduce The Venue Tablet Line And New XPS Laptops (Photo : Getty Images)
As part of the company's strategy to create a seamless remote support service, Dell installed a self-signed root certificate along with corresponding private key on its computers and laptops. Dell did not realize, at least at first, that this certificate will expose encrypted user communication packets to potential spying.
To make matters worse, Dell marketed this new security strategy despite being fully aware of the same security blunder that took one of its competitors, Lenovo, by storm. The infamous Lenovo Superfish snafu works exactly the same way as the newly discovered security loophole on Dell machines.
Ironically, Dell used Lenovo's security mishap in order to highlight the company's commitment to deliver secure machines to its customers. According to Computer World, the product pages for some of Dell's Inspiron machine reads, "Worried about Superfish? Dell limits its pre-loaded software to a small number of high-value applications on all of our computers."
Dell added that all applications pre-loaded into its machines are thoroughly checked and tested to comply with the company's high security and privacy standards.
The culprit of the new security loophole from Dell is the eDellRoot certificate which is signed under the "Trusted Root Certificate Authorities." According to BBC, security experts discover that the certificate has two flaws. First, it exposes encrypted user traffic that contains sensitive information open for malicious attackers to exploit. Second, the certificate can be used by hackers to mask unsafe connection and program it so that the computer will see it as legitimate and safe.
Dell has already apologized for the debacle. The company said that it is working on a patch in order to fix the problem.
