Dell admits it unwittingly built a serious security flaw into its computers

Customers’ bank details and personal data at risk

Computer company Dell has admitted that it unwittingly built a serious security flaw into the computers it was selling.

The hole in defences meant that customers’ personal data, including bank details, was exposed to attacks.

The software in question, pre-installed on Dell PCs, was a self-signed root certificate authority called “eDellRoot”, shipped together with its private key.

All the computers affected came with the exact same root certificate and private key, which amounts to a serious security flaw: anyone who obtains that key can sign certificates that every affected machine will trust.

According to a Reddit user who spotted the flaw, “this is a major security vulnerability that endangers all recent Dell customers”.


But there’s no need to throw your laptop off a cliff just yet. Dell has now issued guidance on how to remove the rogue software.

In a statement the company said: “We became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.”

The company added: “We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.”
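A way to check a Windows machine for the condition described above, as an added example that is not Dell's removal tool or guidance. Only the name “eDellRoot” comes from the article; the function name and the broader "trusted root with a local private key" heuristic are assumptions of this example.

```powershell
# Added example: audit the Windows trusted-root stores for a certificate named
# "eDellRoot" and, more generally, for any trusted root whose private key is
# also present on this machine. A root CA should normally be installed as a
# public certificate only.

function Get-SuspectRootCertificate {   # hypothetical helper name
    param(
        [string[]] $StorePath   = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'),
        [string]   $NamePattern = 'eDellRoot'   # name taken from the article
    )
    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            $nameMatch = $cert.Subject -match $NamePattern
            $hasKey    = $cert.HasPrivateKey
            if (-not ($nameMatch -or $hasKey)) { continue }

            $reason = if ($nameMatch) { 'subject matches name pattern' }
                      else            { 'trusted root with local private key' }

            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $hasKey
                Reason        = $reason
            }
        }
    }
}

# Report only; nothing is modified or removed.
$findings = @(Get-SuspectRootCertificate)
if ($findings.Count -eq 0) {
    Write-Output 'No matching root certificates found.'
} else {
    $findings | Format-List
}
```

Entries flagged only for holding a private key can also come from other locally installed software, so each one should be reviewed rather than assumed to be eDellRoot.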
