New Dell laptops affected by Superfish-style security issue that could leave users vulnerable to hackers

Dell has said the problem software will be removed in an upcoming update

At least two new Dell laptops have been found to be affected

Some new laptops released by Dell have been affected by a major security weakness, due to a piece of problem software that could leave users vulnerable to malicious hacking.

The problem lies with a root certificate called eDellRoot, which could potentially be exploited by hackers to steal users' data.

The bad certificate has so far been found on the Inspiron 5000 and XPS 15 laptops, but it could affect a larger number of Dell products.

The root certificate is a small file which is used to encrypt connections, making them secure.

When you see that padlock sign in your browser bar when using online banking or some social media sites, the certificate has kicked in - your browser has spoken to the web server, has verified that the service is legitimate, and has established a secure connection through which your data is encrypted, making it very difficult for malicious hackers to access it.

The problem exists because the key, which the certificate uses to encrypt the information, is stored locally on the computer. This makes it possible for a hacker who has one of the affected computers to reverse engineer the key and reveal its encryption methods.

This would allow them to interrupt the connection between browser and server and pose as a legitimate, secure website - potentially letting them access things like passwords and credit card information.

A security expert named Kenn White was able to illustrate this problem by creating a website that appears to be a secure link to the Bank of America page, but is in fact a bogus site of his own creation (featuring a criminal Doge in a ski mask).

White managed to show how users affected by this security flaw can be tricked into accessing seemingly-secure sites that are actually capable of stealing information by interrupting the connection.

Browsers like Firefox and Chrome use their own certificates, and will warn users when they connect with the bad certificate and not allow them to access it - but people using less secure browsers wouldn't have the same protection.

The issue is reminiscent of the Lenovo 'Superfish' problem, in which a program that was meant to help deliver advertising to webpages could actually be used to intercept data.

Lenovo was heavily criticised for making users vulnerable at the time, and Dell has received the same treatment from the security community.

Dell quickly released a statement on the issue through their website.

Speaking about the bad certificate, they said: "The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system."

They have also released instructions for a fairly technical process that allows affected users to remove eDellRoot from their computers themselves.

Dell also added that a software update will be pushed out to users on Tuesday 24 November, which will check for the certificate and remove it if it's present.

The certificate will also be removed from all Dell products and systems in the future.
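
A read-only check for the condition described above, as an added example that is not part of the article or of Dell's published instructions: this PowerShell snippet lists trusted-root entries whose subject contains eDellRoot, and goes slightly further by flagging any trusted root that has a private key stored on the machine. The function name and output fields are assumptions made for illustration.

```powershell
# Added example: audit the Windows trusted-root stores for the certificate
# named in the article and for any root that carries a private key.
# The function name Find-SuspectRootCert is hypothetical.
function Find-SuspectRootCert {
    param(
        # Subject substring to look for; 'eDellRoot' is the name given in the article.
        [string]$SubjectPattern = 'eDellRoot'
    )

    # Machine-wide and per-user trusted root stores.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

    foreach ($store in $stores) {
        if (-not (Test-Path -Path $store)) { continue }

        foreach ($cert in Get-ChildItem -Path $store) {
            $nameMatch = $cert.Subject -like "*$SubjectPattern*"
            # A trusted root normally ships as a public certificate only.
            # A private key stored beside it means anyone who extracts that key
            # can sign certificates this machine will trust.
            $hasKey = $cert.HasPrivateKey

            if ($nameMatch -or $hasKey) {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    NameMatch     = $nameMatch
                    HasPrivateKey = $hasKey
                }
            }
        }
    }
}

$findings = @(Find-SuspectRootCert)
if ($findings.Count -eq 0) {
    'No matching or key-bearing root certificates found.'
} else {
    $findings | Format-Table -AutoSize
}
```

The script changes nothing on the system; removal should follow the instructions Dell released.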
