New Superfish scare exposes Dell laptops to hacks when connected to Wi-Fi

Dell laptops get a second security scare

'Tis the season for security alerts? It sure feels like it if you're a laptop user. Just a day after Dell offered a fix for its Superfish-style security scare, the laptop maker is making headlines for a new security vulnerability involving a pre-installed root certificate.

The discovery of DSDTestProvider root certificate comes just after eDellroot scare. This new certificate could allow attackers to perform man-in-the-middle and passive-decryption attacks when a Dell user logs into a public Wi-Fi network. The certificate includes a private key.

When a Dell laptop is signed onto a public hotspot, the attacker generates certificates that are signed by the DSDTestProvider Certificate Authority, and those certificates will be trusted by any Dell computer that trusts the certificate authority. This allows attackers to impersonate websites, sign software and email messages as well as decrypt network traffic. An attacker can even install malicious software on compromised systems.

Dell's acknowledgement

Dell acknowledged that these certificates were installed as an easy way for Dell customers to get personalized support when calling in with problems.

"In the case of Dell System Detect, the customer downloads the software proactively to interact with the Dell Support website so we can provide a better and more personalized support experience," a Dell spokesman told ZDNet. "Like eDellRoot, the support certificate in question was designed to make it faster and easier for our customers to get support."

Dell said that customers who used the "detect product" function on its support site between October 20 and November 24 are affected by the vulnerability, and the company has since removed the application.

A fix

"We are proactively pushing a software update to address the issue and have also updated instructions on our site to permanently remove the certificate," Dell said in a statement.

Dell users should revoke the certificate by going into the Windows Certificate Manager and move the DSDTestProvider certicate to Untrusted Certificates. You should also repeat this for the eDellroot certificate. Users should also delete the Dell.Foundation.Agent.Plugins.eDell.dll module.

Dell stated that the certificates aren't malware in its support forum, and the company provided instructions (Word document download) on how to remove the root certificates on affected machines.

TOPICS