Tuesday, November 24, 2015

Bogus certificate: Dell creates a huge security flaw in its own PC – 01net

Remember the Superfish scandal? In February, Lenovo was called out for preinstalling on some machines a security certificate issued by the US company Superfish, for the unglamorous purpose of injecting advertisements into web pages. But the main problem was elsewhere: this certificate introduced a major security flaw in the system and made interception ("man-in-the-middle") attacks possible.

Well, imagine that Dell has done exactly the same thing eight months later. Some users of its recent notebooks were shocked to find a self-signed certificate called "eDellRoot" in the Certificate Manager. Analyzing this file more closely, the security researcher Kevin Hicks, aka "rotorcowboy", discovered that this security certificate was accompanied by its private key and that it was the same on every PC. Extracting the private key is relatively easy. An attacker could therefore now use it to mount interception attacks against all Dell PCs that carry this certificate.

18 steps to delete the certificate by hand

At first, Dell denied any security problem with this certificate. But after a while, it finally admitted the facts. "We deeply regret what happened and make sure that we solve the problem", it said in a note posted Monday evening on its official blog. The manufacturer says it will release a patch today, November 24, to permanently delete the certificate. Deleting it directly in the Certificate Manager is useless, because a DLL file reinstalls it at the next machine start. Both the certificate and the DLL file must therefore be removed. Those who do not want to wait for the patch can download a removal tool from the Dell site. It is also possible to delete everything by hand. The manufacturer has set this out in an 18-step guide, available online.

Finding out whether you are affected is simple. Open the Windows "Start" menu and search for the file "certmgr.msc". Clicking on it opens the Certificate Manager. Open the folder "Trusted Root Certification Authorities -> Certificates" and check whether the "eDellRoot" certificate is listed. You can also run a search by right-clicking on the folder "Certificates – Current User".
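The same check can be scripted. The PowerShell snippet below is an added example, not taken from the original article or from Dell: it searches the machine and user certificate stores for the name "eDellRoot" quoted above, assumes that name appears as the certificate's CN, and only reads the stores without changing them.

```powershell
# Added example: read-only audit of the Windows certificate stores for eDellRoot.
$certName = 'eDellRoot'   # certificate name given in the article

# Walk every store under both scopes; the Cert: drive also returns store
# containers, so keep only real certificate objects whose subject matches.
$found = Get-ChildItem -Path Cert:\LocalMachine, Cert:\CurrentUser -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Subject -like "*CN=$certName*"
    } |
    ForEach-Object {
        [pscustomobject]@{
            Store         = ($_.PSParentPath -replace '^.*::', '')  # e.g. LocalMachine\Root
            Subject       = $_.Subject
            SelfSigned    = ($_.Subject -eq $_.Issuer)
            HasPrivateKey = $_.HasPrivateKey   # True if a private key is stored with the certificate
            NotAfter      = $_.NotAfter
            Thumbprint    = $_.Thumbprint
        }
    }

if ($found) {
    $found | Format-List
    Write-Warning "$certName is present in $(@($found).Count) store location(s)."
    exit 1   # non-zero exit code so the check can be used in fleet-wide scripts
}
else {
    Write-Output "No certificate named $certName was found in the machine or user stores."
    exit 0
}
```

Run it again after a reboot: as noted above, a certificate deleted only in the Certificate Manager comes back at the next start as long as the DLL is still present.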

One last question remains: what was this certificate for? According to Dell, it allowed the support service to sign telemetry data, that is to say information about the machine and its use. That is not shocking in itself. The only problem is that this process introduces a huge security hole. Dell needs to go back to the drawing board.
