Skip to main content

Dell offers a fix for its Superfish-style security scare

Dell XPS 13

After discovering an unintentional vulnerability built into its laptops, Dell has released an apologetic statement and issued a free software removal tool to fix affected machines.

In a blog post, Dell officials clarified it included a root certificate named eDellRoot on several of its notebooks (including the XPS 15, XPS 13 and Inspiron 5000 series machines) as a way for its online support agents to quickly identify a customer's computer model for servicing.

"This certificate is not being used to collect personal customer information," a Dell spokesperson wrote to distance themselves from the Lenovo Superfish adware scare.

Attached to the statement, Dell also posted user instructions explaining how to permanently remove the problematic eDellRoot entity. First discovered by a programmer named Joe Nord, the preinstalled SSL certificate could have potentially allowed hackers to reverse-engineer a signing key and gain access to a user's computer through a public Wi-Fi hotspot.

By spoofing the SSL key, hackers could have also launched more sophisticated attacks over an unsafe website or internet access point to scrape passwords, credit card numbers and other sensitive information.

via The Verge