Dell offers fix for computer security flaw

25 Nov 2015

Dell Acknowledges Security Hole in New Laptops.

Major U.S. computer company Dell Inc said on Monday a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users’ private data.

The issue came to light after it was discovered that Dell had shipped devices with a self-signed root digital certificate, eDellRoot, which is used to encrypt data traffic. A pre-installed program on some newly purchased Dell laptops that can only be removed manually by consumers makes them vulnerable to cyber intrusions that may allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites such as Google or those belonging to a bank, among other attacks.

“The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience,” Dell said in a statement to Reuters. “Unfortunately, the certificate introduced an unintended security vulnerability.” Dell declined to say how many computers or which specific models are affected. Dell said it would provide customers with instructions to permanently remove the certificate by email and on its support website, a process that will likely be highly technical.

On Monday, Duo Security published a report saying that it had also come across the eDellRoot issue while checking out a Dell Inspiron 14 laptop it recently bought. As part of its investigation, the company’s analysts scanned the Internet using a tool from Censys to see if there are systems on the Internet using eDellRoot to encrypt traffic. The finding, Duo Security wrote, suggests that Dell may have shipped other computers and devices with identical cryptographic keys, another major mistake. Dell officials did not have an immediate comment on that update, saying they would post instructions for how to fix eDellRoot later on Monday on this page.

But the advisory listed models that use DFS, which include Dell’s XPS, Inspiron, Vostro, and Precision laptops and the OptiPlex and Precision Tower desktop models. The eDell plugin must be dumped, which can be done by eliminating a module called “Dell.Foundation.Agent.Plugins.eDell.dll.” The company also found another problem on the Dell laptop it bought.

The certificate expired on March 13, 2013, but Manzuik said that “our research shows that there was a period of about 11 days where it was a valid certificate meaning that it could be easily used, for example, to sign malware.”
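A read-only check for the two artifacts named above, the eDellRoot certificate and the eDell plugin module, written as an added example and not taken from Dell's or Duo Security's instructions. It assumes the certificate can be recognised by the name eDellRoot in its subject and that the plugin sits under the standard program directories; the function names are hypothetical.

```powershell
# Added example: audit only, nothing is removed or changed.
# Assumption: the certificate carries "eDellRoot" in its subject name.
function Find-EDellRootCertificate {
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match 'eDellRoot' } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    # Self-signed: subject and issuer are the same name.
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    # A trusted root whose private key is present on the machine
                    # can be used locally to sign other certificates.
                    HasPrivateKey = $_.HasPrivateKey
                    NotAfter      = $_.NotAfter
                }
            }
    }
}

# Assumption: the search locations below; the file name is the one given in the article.
function Find-EDellPlugin {
    $name  = 'Dell.Foundation.Agent.Plugins.eDell.dll'
    $roots = $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData |
             Where-Object { $_ -and (Test-Path $_) }
    Get-ChildItem -Path $roots -Filter $name -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object FullName, LastWriteTime
}

$certs  = @(Find-EDellRootCertificate)
$plugin = @(Find-EDellPlugin)
$certs  | Format-Table -AutoSize
$plugin | Format-Table -AutoSize

if ($certs.Count -or $plugin.Count) {
    Write-Warning "eDellRoot artifacts found: $($certs.Count) certificate(s), $($plugin.Count) plugin file(s)."
} else {
    Write-Output 'No eDellRoot certificate or eDell plugin found in the locations checked.'
}
```

Run it from an elevated prompt so the machine-wide store and program directories are readable; a hit on either artifact means the machine still needs the vendor's removal steps.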
