Dell Laptop Security Hole Acknowledged
In a similar situation to the Lenovo backdoor "Superfish", Dell has now acknowledged that a security hole exists in some of its recently shipped laptops that could make it easy for hackers to intercept users' private data.
Dell shipped a self-signed root CA certificate, with it's private key; intended to "provide a better, faster and easier customer support experience" but which can instead allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites. The certificate is included with newer XPS, Latitude, Inspiron and Precision laptops and can be manually removed. A string of recent key leakage and reuse vulnerabilities are an alarming reminder of the inherent trust we put in our hardware providers.
Two web-based tests are available, courtesy of Kenn White and Hanno Bick to check if you are vulnerable.
Dell shipped a self-signed root CA certificate, with it's private key; intended to "provide a better, faster and easier customer support experience" but which can instead allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites. The certificate is included with newer XPS, Latitude, Inspiron and Precision laptops and can be manually removed. A string of recent key leakage and reuse vulnerabilities are an alarming reminder of the inherent trust we put in our hardware providers.
Two web-based tests are available, courtesy of Kenn White and Hanno Bick to check if you are vulnerable.