Dell has admitted that a pre-installed digital certificate on a few of its recently shipped laptops makes them prone to cyber-attacks.
A Dell spokesperson apologized for what happened and said the company is taking steps to address it. The self-signed root certificate was intended to provide the system service tag to Dell online support, allowing support staff to quickly identify the computer model. It is not being used to collect personal customer information.
The discovery of the DSDTestProvider root certificate comes just after the eDellRoot scare, according to PCWorld. This second certificate could allow attackers to perform man-in-the-middle and passive-decryption attacks when a Dell user logs into a public Wi-Fi network. The certificate ships together with its private key.
Once a Dell laptop has joined a public hotspot, an attacker on that network can generate certificates signed by the DSDTestProvider certificate authority, and those certificates will be trusted by any Dell computer that trusts the certificate authority. This allows attackers to impersonate websites, sign software and email messages, and decrypt network traffic. An attacker can even install malicious software on compromised systems.
The implications of this security hole reach beyond owners of Dell systems. In addition to stealing information, including log-in credentials, from encrypted traffic, man-in-the-middle attackers can also modify that traffic on the fly. This means that someone receiving an email from an affected Dell computer, or a website receiving a request on behalf of a Dell user, cannot be sure of its authenticity.
Dell has posted instructions on its website to permanently remove the certificate from affected systems, and the company will also publish a software update that will automatically check for the certificate and remove it, The Verge reported. The company has not confirmed how many machines are affected, but the Inspiron 5000, XPS 15, and XPS 13 are known to ship with the certificate pre-installed.
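A defender-side check for the two conditions the article describes, the named root certificate and the private key shipped alongside it, added here as an example and not Dell's own removal instructions or update tool: the PowerShell script below walks the Windows trusted-root stores, reports any certificate whose subject names DSDTestProvider or eDellRoot, and separately flags any trusted root whose private key is present on the machine, since that is what lets a third party issue certificates the system will accept. It assumes Windows PowerShell 5.1 or later and an elevated session for the LocalMachine store; the function name and the `Reason` labels are this example's own, and the cert-provider cmdlets (`Get-ChildItem`, `Remove-Item -DeleteKey`) are standard.

```powershell
# Added example, not Dell's tooling: audit Windows trusted-root stores for the
# DSDTestProvider / eDellRoot certificates and for any root that carries a private key.
# Assumes Windows PowerShell 5.1+; run elevated to read and clean the LocalMachine store.

function Find-SuspectRootCertificate {
    param(
        # Subject names taken from the article; extend the list if a vendor ships others.
        [string[]] $SuspectNames = @('DSDTestProvider', 'eDellRoot'),
        [string[]] $Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    foreach ($store in $Stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
            $cert = $_
            $nameHit = $SuspectNames | Where-Object { $cert.Subject -like "*CN=$_*" }

            # A root CA whose private key lives on the endpoint is a problem whatever
            # it is called: that key can sign certificates this machine will accept
            # for any website, binary or e-mail sender.
            if ($nameHit -or $cert.HasPrivateKey) {
                $reason = if ($nameHit) { 'Known bad subject' } else { 'Root carries private key' }
                [PSCustomObject]@{
                    Store         = $store
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    HasPrivateKey = $cert.HasPrivateKey
                    NotAfter      = $cert.NotAfter
                    Reason        = $reason
                }
            }
        }
    }
}

$findings = @(Find-SuspectRootCertificate)

if ($findings.Count -eq 0) {
    Write-Output 'No DSDTestProvider/eDellRoot certificate and no trusted root with a private key found.'
}
else {
    $findings | Format-Table -AutoSize

    # Remove only the certificates matched by name. -WhatIf previews the deletion;
    # drop it after reviewing the table. -DeleteKey also discards the bundled private key.
    $findings | Where-Object { $_.Reason -eq 'Known bad subject' } | ForEach-Object {
        Remove-Item -Path "$($_.Store)\$($_.Thumbprint)" -DeleteKey -WhatIf
    }
}
```

Run it from an administrator PowerShell session so the LocalMachine store is readable and writable. The "Root carries private key" finding is deliberately left as a report rather than an automatic deletion: an organisation that keeps its own CA key on a server will trip it legitimately, so review those rows before acting, while the name-matched rows can be removed once the `-WhatIf` preview looks right.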