A bad example is contagious: Dell launches computers with a vulnerability like Superfish

On Dell XPS 15 laptops, a root certificate preinstalled in the operating system was found , the key and password of which are the same for all laptops of this model. In the future, this means that the safety of users of such laptops is under serious threat. The reason for the presence of this certificate in the system is unclear.

One of the users of the reddit website, exploring the far nooks and crannies of his Dell laptop, accidentally discovered the eDellRoot certificate installed. Comparing the certificates with another security specialist, the user came to the conclusion that all laptops come with absolutely identical certificates, private keys and passwords (the certificate password is “dell”).
')


In a similar situation at the beginning of this year, there were users of Lenovo IdeaPad series notebooks (and some others), which were preinstalled with a third-party Superfish program that inserted intrusive advertisements into web pages. Most likely, due to a developer bug, all copies of the program had identical self-signed root certificates, which was a real security threat.

This situation, for example, allows an attacker to replace any protected site - and such a substitution will not cause any warnings when a user tries to visit a fake site. In addition, the certificate can be used to sign malware.



After the outbreak of scandal, Lenovo lightly poured ashes on the head , explained to users how to remove the malicious certificate and program, and soon released an automatic utility for this.

Strangely enough, this story, as a result of which many called for practically to boycott Lenovo products, didn’t teach Dell anything. At the request of ExtremeTech, Dell sent a comment on this situation. In addition to the usual statements about how the company cares about user security, the response only states that Dell is currently conducting an internal investigation into the incident.

In the absence of clarity in official comments and the uncertainty of the exact purpose of this certificate, it can be assumed, for example, that its presence is the result of criminal activity of individual employees of the company - however, the likelihood of such an option is rather low.



In the discussion on reddit, users shared information that, apart from the XPS 15 models, the eDellRoot certificate is installed on the Inspiron 5000, Precision M4800 and Latitude 7440 models. And this certificate is not on new computers - it only appears after updating the proprietary software.

Specialists have already prepared a site with a certificate signed specifically to check for the presence of the described vulnerability. If the browser on your Dell laptop opens this site without any warning, your system is vulnerable and you need to take steps to remove the bad certificate. Users checking the site specify that Google Chrome, Microsoft Edge and Internet Explorer browsers do not issue any warnings. And only Firefox somehow recognizes an incorrect certificate and warns about it.



This news is also mentioned and discussed in our Habré.