By Chris Williams, 24th November 2015 01:14

Dell: How to kill that web security hole we put in your laptops, PCs

Promises to automatically remove root CA cert from machines from Nov 24

Dell has published a guide on how to remove the web security backdoor it installed in its Windows laptops and desktop PCs.

This confirms what we all know by now – that Dell was selling computers with a rather embarrassing hole in their defenses.

New models from the XPS, Precision and Inspiron families include a powerful root CA certificate called eDellRoot, which puts the machines' owners at risk of identity theft and banking fraud.

The self-signed certificate is bundled with its private key, which is a boon for man-in-the-middle attackers: for example, if an affected Dell connects to a malicious Wi-Fi hotspot, whoever runs that hotspot can use Dell's cert and key to silently decrypt the victims' web traffic. This would reveal their usernames, passwords, session cookies and other sensitive details, when shopping or banking online, or connecting to any other HTTPS-protected website.

Stunningly, the certificate cannot be simply removed: a .DLL plugin included with the root certificate reinstalls the file if it is deleted. One has to delete the .DLL – Dell.Foundation.Agent.Plugins.eDell.dll – as well as the eDellRoot certificate.
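A read-only check for both pieces named above, the eDellRoot certificate and the plugin DLL that reinstalls it. This is an added example, not Dell's removal procedure or code from the article. The function name, the CN-based subject match and the directories searched for the DLL are assumptions, since the article does not give the install path.

```powershell
# Added example: report whether the eDellRoot certificate and its reinstalling
# plugin DLL are present. It only reads; nothing is removed or changed.
function Get-EDellRootFinding {
    [CmdletBinding()]
    param(
        [string]$CertName = 'eDellRoot',
        [string]$DllName  = 'Dell.Foundation.Agent.Plugins.eDell.dll',
        # Assumed search roots: the article does not say where the DLL lives.
        [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData)
    )

    # Walk every store under CurrentUser and LocalMachine, not just Root, so a
    # copy in another store is reported too. Assumes the subject CN is the name.
    $certs = Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $_.Subject -like "*CN=$CertName*"
        }

    foreach ($c in $certs) {
        [pscustomobject]@{
            Kind          = 'Certificate'
            Location      = $c.PSParentPath -replace '^.*::', 'Cert:\'
            Detail        = $c.Thumbprint
            HasPrivateKey = $c.HasPrivateKey            # the bundled key is the real problem
            SelfSigned    = ($c.Subject -eq $c.Issuer)
        }
    }

    # If the DLL is still on disk, deleting the certificate alone will not stick.
    $roots = @($SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) })
    if ($roots.Count -gt 0) {
        Get-ChildItem -LiteralPath $roots -Filter $DllName -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Kind          = 'PluginDll'
                    Location      = $_.DirectoryName
                    Detail        = $_.Name
                    HasPrivateKey = $null
                    SelfSigned    = $null
                }
            }
    }
}

$findings = @(Get-EDellRootFinding)
if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize }
else { 'No eDellRoot certificate or plugin DLL found in the locations searched.' }
```

A `PluginDll` row without a `Certificate` row still needs attention, because the article says the DLL puts the certificate back after deletion.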

Dell has posted information [.docx] on how to do this properly, and future machines will not include the dangerous root CA cert. A software update process will run from November 24 that will remove the certificate automatically from machines, we're told.

In a statement to the media, the Texas-based IT titan said:

The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience. Unfortunately, the certificate introduced an unintended security vulnerability.

Dell said that it started including the root CA certificate with machines in August, although an Inspiron 15 series laptop we bought in July has an eDellRoot certificate on it.

"We deeply regret that this has happened and are taking steps to address it," added Laura Thomas, Dell's chief blogger.

"The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information.

"It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process."

If you've got a new Dell, you can check here to see if you have the dodgy root CA cert installed. For everyone, we'll leave you with this nightmare fuel... ®
