Dell Confirms Loophole on Its PCs Can Let Hackers Snoop on You

24 Nov 2015 | Author: | No comments yet »

Dell Plans Fix for Security Flaw That Could Let Hackers Snoop on Traffic.

Dell in a statement told Reuters, “The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience…Unfortunately, the certificate introduced an unintended security vulnerability.” While consumers can manually remove the pre-installed certificate, it compromises the root security of a system and can allow cyber-criminals to read private messages, carry out phishing attacks and steal private data.

The flaw, discovered by a private security researcher and announced Sunday, highlights the difficulty of implementing encryption schemes to protect computer users. A report on Ars Technica website says that the Dell computers are shipping with a “digital certificate that makes it easy for attackers to cryptographically impersonate Google, Bank of America, and any other HTTPS-protected website.” The report adds that the Inspiron 5000 series notebook and one XPS 15 model are shipping with this faulty root certificate. Dell said it’s posting instructions on its website for moving the flawed certificate, called eDellRoot, though this process can be technically complex. Hicks also put out a detailed report on Reddit showing how the eDellRoot certificate can actually be used by a network attacker to create fake certificates for use on real websites.

Lenovo had installed Superfish on its consumer laptops and it was revealed that the software compromised security of encrypted connections, paving the way for hackers to also to eavesdrop and carry out ‘man-in-the-middle’ style attacks. He said certificate authorities are not necessarily problematic, “but they become a problem when a manufacturer like Dell misconfigures them to trust anything on the web with a universal key that works across Dell computers, and root access.” Mr. White said owners of the flawed computers can protect themselves when surfing the Web by using Mozilla Corp.’s Firefox browser, which uses its own software to vet the security of websites.

Joe Nord, a computer programmer and blogger, detailed how eDellRoot works and how easy it is to gain access to the security key in a blog post earlier Sunday. More from WSJ.D: And make sure to visit WSJ.D for all of our news, personal tech coverage, analysis and more, and add our XML feed to your favorite reader.

Here you can write a commentary on the recording "Dell Confirms Loophole on Its PCs Can Let Hackers Snoop on You".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site