1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Dell support tool responsible for eDellRoot problems

Discussion in 'CSO' started by RSS, Nov 24, 2015.

  1. RSS

    RSS New Member Member

    The self-signed root certificate that has left Dell customers at risk was placed on affected systems after an August update to the Dell Foundation Services application.

    The certificate, eDellRoot, leaves consumers exposed to various attacks. A criminal could use the certificate to manipulate traffic or monitor over-the-air traffic in public to obtain access to sensitive information such as passwords or email contents.

    Researchers at Duo Labs examined a Dell laptop in-house and discovered the eDellRoot certificate, confirming previous reports that the certificate is shipped with the associated private key.

    The researchers then turned to the Censys project and discovered the certificate's fingerprint in several locations, confirming Dell has intentionally shipped identical keys in other models.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page