Earlier this year Lenovo was caught with egg on its face when an application known as SuperFish was found to be interfering with the secure connection between a user's PC and a supposedly secure site. In basic terms your browser or software would not detect that – for example – a cloned banking website was using an untrusted security certificate, and would allow you to access the site.
According to a report on ExtremeTech, a programmer by the name of Joe Nord has discovered a similar problem affecting recent Dell notebooks. They’ve been shipped with a preinstalled, self-signed encryption certificate called eDellRoot, which could be invoked by a phishing website to appear as if it was genuine. Not all browsers are affected.
Security blogger Robert Graham says that the problem is just as big as the SuperFish one, and that “Dell needs to panic. Its corporate customers need to panic.” A representative for Dell in South Africa told htxt.africa that the software was meant to provide better, faster and easier customer support. The irony is that the firm now has to double up its customer service operation to fix the issue.
So how do I fix this?
The good news is that Dell has acted fast. In a mea culpa apology, the firm has posted instructions for removing the certificate here, and says that an automatic update will be pushed out to customers which will permanently get rid of the “feature”.
If you can’t wait, you can find out if your Dell system has been affected by using this test website. Upon loading you should be greeted with a pop-up stating that your browser cannot verify the identity of the server. Should you be directed to a “totally legit website” on your Dell PC then you might be affected.
Dell says it will also send instructions for removing the certificate to owners via email, or you can contact Dell through the local support site for assistance.
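For readers who would rather check the PC directly than rely on the test website, the following PowerShell is an added example, not Dell's own tool or instructions. It only reads the Windows certificate stores and reports any certificate whose subject or issuer contains the name eDellRoot given above; the function name Find-CertificateByName is hypothetical, and matching on the name is an assumption because the article quotes no thumbprint.

```powershell
# Added example: read-only search of the Windows certificate stores.
# Assumption: the certificate is identified by the name "eDellRoot" from the
# article; no thumbprint is quoted on the page, so none is hard-coded here.
$name = 'eDellRoot'

# Hypothetical helper: returns one object per matching certificate.
function Find-CertificateByName {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string[]] $Locations = @('Cert:\LocalMachine', 'Cert:\CurrentUser')
    )
    foreach ($location in $Locations) {
        # -Recurse walks every store (Root, CA, My, ...) under the location.
        Get-ChildItem -Path $location -Recurse -ErrorAction SilentlyContinue |
            Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
                ($_.Subject -like "*$Name*" -or $_.Issuer -like "*$Name*")
            } |
            ForEach-Object {
                [pscustomobject]@{
                    # e.g. "LocalMachine\Root" for the machine-wide trusted roots
                    Store         = ($_.PSParentPath -replace '^.*::', '')
                    Subject       = $_.Subject
                    Issuer        = $_.Issuer
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    HasPrivateKey = $_.HasPrivateKey
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                }
            }
    }
}

$hits = @(Find-CertificateByName -Name $name)
if ($hits.Count -eq 0) {
    Write-Output "No certificate naming '$name' found in the machine or user stores."
} else {
    $hits | Format-List
    Write-Warning "'$name' is present; follow Dell's removal instructions."
}
```

This inspects only the Windows certificate stores, so a browser that keeps its own list of trusted certificates is not covered by the result.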
[Image CC by 2.0 – Christiaan Colen]