A second dangerous Dell root certificate discovered

25 Nov 2015

And then there were two: Another dangerous Dell root certificate discovered.

The plot thickens: After Dell confirmed that one of its support tools installed a dangerous self-signed root certificate and private key on computers, users discovered a similar certificate deployed by a different Dell tool.

Major U.S. computer company Dell Inc said on Monday a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users’ private data. A pre-installed program on some newly purchased Dell laptops that can only be removed manually by consumers makes them vulnerable to cyber intrusions that may allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites such as Google or those belonging to a bank, among other attacks.

“The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience,” Dell said in a statement to Reuters. “Unfortunately, the certificate introduced an unintended security vulnerability.”

Dell declined to say how many computers or which specific models are affected. The software began getting installed on laptops in August, according to a spokeswoman.

In Dell’s case it was one of the company’s own support tools, which is arguably even worse because Dell bears full responsibility for the decision. While Dell has released a removal tool and instructions for the eDellRoot certificate, it has yet to do the same for DSDTestProvider or even acknowledge its presence on systems. Dell said it would provide customers with instructions to permanently remove the certificate by email and on its support website, a process that will likely be highly technical.

In April, a security researcher disclosed a vulnerability that could have allowed a remote attacker to install malware on a computer with the Dell System Detect (DSD) application running. Tests performed inside a Windows 10 virtual machine revealed that the DSDTestProvider certificate gets left behind on the system when the Dell System Detect tool is uninstalled.

The product pages for Dell’s Inspiron 20 and XPS 27 All-in-One desktops, Inspiron 14 5000 Series, Inspiron 15 7000 Series, Inspiron 17 7000 Series laptops and probably other products, read: “Worried about Superfish? [...] Each application we pre-load undergoes security, privacy and usability testing to ensure that our customers experience the best possible computing performance, faster set-up and reduced privacy and security concerns.”

The eDellRoot self-signed certificate is installed in the Windows certificate store under the “Trusted Root Certification Authorities.” This means that any SSL/TLS or code-signing certificate that is signed with the eDellRoot certificate’s private key will be trusted by browsers, desktop email clients and other applications that run on affected Dell systems. For example, attackers can use the eDellRoot private key, which is now publicly available online, to generate certificates for any HTTPS-enabled websites.

In these so-called Man-in-the-Middle (MitM) attacks, the attackers intercept users’ HTTPS requests to a secure website, bankofamerica.com for example. The users will see a valid HTTPS-encrypted connection to Bank of America in their browsers, but the attackers will actually be able to read and modify their traffic.

However, the certificate is actually installed by the Dell Foundation Services (DFS) application which, according to its release notes, is available on laptops, desktops, all-in-ones, two-in-ones, and towers from various Dell product lines, including XPS, OptiPlex, Inspiron, Vostro and Precision Tower.

Researchers from security firm Duo Security found a second eDellRoot certificate with a different fingerprint on 24 systems scattered around the world. Most surprisingly, one of those systems appears to be part of a SCADA (Supervisory Control and Data Acquisition) set-up, like those used to control industrial processes.

Roaming corporate users, especially traveling executives, could be the most attractive targets for man-in-the-middle attackers exploiting this flaw, because they likely have valuable information on their computers. “If I were a black-hat hacker, I’d immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone’s encrypted communications,” said Robert Graham, the CEO of security firm Errata Security, in a blog post. In addition to stealing information, including log-in credentials, from encrypted traffic, man-in-the-middle attackers can also modify that traffic on the fly.

This means someone receiving an email from an affected Dell computer or a website receiving a request on behalf of a Dell user can’t be sure of its authenticity.
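As an added example (not from the original article and not Dell's own tooling), the following PowerShell audit lists any certificate in the Windows root and personal stores whose subject or issuer names eDellRoot or DSDTestProvider, and reports whether a private key is stored with it. It matches on name rather than fingerprint because a second eDellRoot with a different fingerprint has been found; the function name `Find-DellTestCertificate`, the list of stores checked, and the assumption that the certificate subjects contain those two names are choices made for this example.

```powershell
# Added example: audit Windows certificate stores for the two Dell certificates
# named in the article. Assumption: the certificate subject contains the name
# "eDellRoot" or "DSDTestProvider". Thumbprints are reported, not matched on.
function Find-DellTestCertificate {
    param(
        [string[]]$Name  = @('eDellRoot', 'DSDTestProvider'),
        [string[]]$Store = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
                             'Cert:\LocalMachine\My',   'Cert:\CurrentUser\My')
    )
    foreach ($path in $Store) {
        # A store may be absent on some systems; skip it instead of failing.
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            foreach ($n in $Name) {
                # Subject match finds the root itself; issuer match finds
                # certificates that chain directly to it.
                if ($cert.Subject -like "*$n*" -or $cert.Issuer -like "*$n*") {
                    [pscustomobject]@{
                        Store         = $path
                        Subject       = $cert.Subject
                        Issuer        = $cert.Issuer
                        Thumbprint    = $cert.Thumbprint
                        NotAfter      = $cert.NotAfter
                        HasPrivateKey = $cert.HasPrivateKey
                        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                    }
                    break   # one report line per certificate
                }
            }
        }
    }
}

$hits = @(Find-DellTestCertificate)
if ($hits.Count -eq 0) {
    Write-Output 'No eDellRoot or DSDTestProvider certificate found in the checked stores.'
} else {
    $hits | Format-List
    Write-Warning "$($hits.Count) matching certificate(s) found; review and remove them."
}
```

Because the DSDTestProvider certificate is left behind when Dell System Detect is uninstalled, run the check again after removing the tool rather than assuming the uninstall cleaned the store.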
