Story 2015-12-11 XCWE Dell Laptop Security Hole Acknowledged

Dell Laptop Security Hole Acknowledged

by Anonymous Coward in security on (#XCWE)
In a similar situation to the Lenovo backdoor "Superfish", Dell has now acknowledged that a security hole exists in some of its recently shipped laptops that could make it easy for hackers to intercept users' private data.

Dell shipped a self-signed root CA certificate, with its private key, intended to "provide a better, faster and easier customer support experience" but which can instead allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites. The certificate is included with newer XPS, Latitude, Inspiron and Precision laptops and can be manually removed. A string of recent key leakage and reuse vulnerabilities is an alarming reminder of the inherent trust we put in our hardware providers.

Two web-based tests are available, courtesy of Kenn White and Hanno Böck, to check if you are vulnerable.
2 comments
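
The condition the story describes, a trusted root CA certificate whose private key sits on the same machine, can be audited locally on Windows with the built-in certificate provider. This is an added example, not part of the original story and not Dell's tooling; the function name Find-RootCertWithPrivateKey is hypothetical.

```powershell
# Added example: audit the Windows trusted-root stores for CA certificates
# whose private key is also present on this machine. A trusted root normally
# carries only a public key, so every hit deserves a manual review.
function Find-RootCertWithPrivateKey {
    [CmdletBinding()]
    param(
        # Stores to audit; the defaults are the machine-wide and per-user trusted roots.
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) {
            Write-Warning "Store not found: $path"
            continue
        }
        Get-ChildItem -Path $path |
            Where-Object { $_.HasPrivateKey } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $_.Subject
                    # Subject equal to Issuer means the certificate signed itself.
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

$findings = @(Find-RootCertWithPrivateKey)
if ($findings.Count -eq 0) {
    Write-Output 'No trusted root certificate has a private key on this machine.'
} else {
    $findings | Format-List
}
```

A hit is not proof of a vendor-installed certificate: locally generated development or proxy CAs also show up, so check each subject against software you installed yourself.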

The strange part (Score: 1)

by Anonymous Coward on 2015-12-12 12:03 (#XFJD)

... is that they admitted to this

Re: The strange part (Score: 2, Interesting)

by pete@pipedot.org on 2015-12-12 17:57 (#XG9J)

Right? Not for lack of denying it at first, of course! I'm not a big fan of theirs anymore, as I type from the last one I will own... Anyone have suggestions for manufacturers that don't suck, and provide long-term support, i.e., at least 4 years... Dell stopped updating the software and drivers for my laptop 2 years after it was released. Seems way too short by any standard...