Sloppy Security Software Exposes Dell Laptops to Hackers

Dell may be selling some Windows laptops with a dangerous security flaw that could allow hackers to access your computer. Users have reported that recent-model Dell laptops, including the XPS and Inspiron 5000 series, come preloaded with self-signed digital certificates that could let criminals and spies impersonate Dell and upload malware to these PCs, which could do anything from stealing your personal information to turning your computer into a bot.

A thread on Reddit appeared earlier today (Nov. 23) detailing Reddit user Rotorcowboy's discovery of a Dell certificate, called eDellRoot, upon a recently made XPS 15 laptop. Rotorcowboy discovered that the certificate contained a private key, and was able to extract it using commonplace hacker tools. On a recently made Dell XPS 13, we found a second self-signed certificate, called DSDTestProvider, that also contained a private key -- a big security mistake.

Anyone with a recent Dell laptop can test for the presence of the eDellRoot certificate by visiting https://bogus.lessonslearned.org/, which uses that private key to authenticate itself as Dell. If you see an image of a ninja dog, you might be in trouble.

Source: http://www.laptopmag.com/articles/dell-certificate-security-flaw

0 comments:

Post a Comment