Dell installs a root CA in new laptops with easy access to private key, opening a huge backdoor

Superfish-like parasite is back!

So, a clever and skilled purchaser of a new XPS 15 9550 discovered a root CA (Certification Authority) certificate installed on his/her machine. Another person confirmed the same and they published the results: basically, Dell installs a certificate named eDellRoot with a private key that is the same for all (or at least many) new Dell machines and can be uncovered quite easily with the right tool (link again).

The private key in this kind of encryption should remain unknown to any party not involved in the communication; specifically, it should be known only to one side of the communication, allowing that side to decrypt it. A trusted root CA whose private key is shared and easy to recover is a huge backdoor and a sign that you can’t trust the company. Not only did Dell install the CA, and not only is the private key the same for all machines, Dell also did it all by itself! Unlike the Lenovo Superfish carnival, in which Lenovo’s laptops were compromised by third-party software, in this case Dell itself installed it.

Honestly, I don’t know the security mechanics well, or how well this backdoor can be utilized by attackers. Also, I don’t know if a simple (but annoying) formatting of the storage device and reinstalling the OS would be enough (maybe it’s in the BIOS or something).

rotorcowboy, who discovered it and published it, also published the keys, thumbprint and serial code, so people could compare and see if it is the same on their laptop, and also to force Dell to stop with this crap, I guess.

I checked my Dell Inspiron 7559 (the one I reviewed) and it has the same thing exactly, same serial and all. You could easily check it by running Start -> type “certmgr.msc” -> (accept on UAC prompt) -> Trusted Root Certification Authorities -> Certificates.

Not sure yet whether this parasite is installed by Dell automatically via the UEFI technique or whether it can be removed easily. Read the discussion on reddit and let me know if you see anything. Here, a person on reddit says the thing is automatically installed after every full shutdown. Also, some kind of a workaround is provided.
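The certmgr.msc check above can also be scripted, which makes it easy to repeat after a full shutdown to see whether the certificate comes back. This is an added example, not code from the reddit post or from Dell; the function name and output fields are made up for illustration, and the only value taken from the article is the certificate name eDellRoot.

```powershell
# Added example: look for the eDellRoot certificate in the Windows
# trusted-root stores. "eDellRoot" is the name given in the article;
# Find-SuspectRootCert and its output fields are hypothetical names.

function Find-SuspectRootCert {
    param(
        [string]$NamePattern = 'eDellRoot',
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    foreach ($store in $Stores) {
        if (-not (Test-Path $store)) { continue }

        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*$NamePattern*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint     # compare with the published value
                    SerialNumber  = $_.SerialNumber   # compare with the published value
                    NotAfter      = $_.NotAfter
                    # A trusted root should never carry its private key on
                    # the client machine; True here is the core problem.
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$hits = @(Find-SuspectRootCert)

if ($hits.Count -eq 0) {
    Write-Output 'No eDellRoot certificate found in the trusted root stores.'
} else {
    $hits | Format-List
    $withKey = @($hits | Where-Object { $_.HasPrivateKey })
    if ($withKey.Count -gt 0) {
        Write-Warning "$($withKey.Count) matching root certificate(s) have a private key stored on this machine."
    }
}
```

Run it from a PowerShell prompt; reading the certificate stores does not require elevation. The thumbprint and serial number it prints are the values to compare against the ones rotorcowboy published.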

You can also check if you get any warning surfing to this site made by Kenn White to show that your laptop can be fooled:

Test site for Dell eDellRoot

All in the original post on reddit: source. Another story on Ars Technica.
