Skip to main content

Dell's Laptops are Infected with 'Superfish-Like' pre-installed Malware

Image
By
 
superfish-malware
Similar to the Superfish malware that surrounded Lenovo laptops in February, another big computer manufacturer Dell spotted selling PCs and laptops pre-installed with a rogue SSL certificate that could allow attackers:

To impersonate as any HTTPS-protected website and spy on when banking or shopping online.

The rogue certificate, dubbed eDellRoot, was first discovered over the weekend by a software programmer named Joe Nord. The certificate is so creepy that it automatically re-installs itself even when removed from the Windows operating system.

Also Read: Lenovo Caught Using Rootkit to Secretly Install Unremovable Software

Superfish 2.0: Unkillable Zombie


The self-signed transport layer security (TLS) credential came pre-installed as a root certificate on Dell PCs and laptops that are signed with the same private cryptographic key, which is stored locally.

That means an attacker with moderate technical skills can extract the key and abuse it to sign forged version of TLS certificates for any HTTPS-protected site on the Internet, exposing users to all manner of SSL attacks.

The certificate key can be used to conduct man-in-the-middle (MITM) attacks on Dell owners, silently stealing user names, passwords, session cookies, and other sensitive information when the affected Dell machines are connected to a malicious Wi-Fi hotspots in cafes, hospitals or airports.

The problem is similar to the scandal that hit Lenovo in February when the PC manufacturer was caught pre-installing an invasive adware program called Superfish with a similar self-signed cert to inject third-party advertisements into websites on browsers.

Must Read: Automatic Superfish Removal Tool

Although Dell's case is different as there is no indication that the certificate is being used to inject advertisements on the laptops, the resulting security issue is the same.

Affected PCs and Laptops


The self-signed certificate key was discovered to be pre-installed as a root certificate on at least three Dell laptop models:
  • Dell Inspiron 5000 series notebook
  • Dell XPS 15
  • Dell XPS 13
This indicates that the dangerous certificate may be present on a significant number of the Dell desktops and laptops currently on the market, specifically recent Dell Inspiron Desktop, XPS, and Precision M4800and Latitude models.

To Check if Your Computer is Vulnerable


To discover the dangerous certificate:
  • Open up the Start menu
  • Select Run
  • Type in certmgr.msc – the Windows certificate manager – into the box and Hit Enter
  • Open up the Trusted Root Certification Authority folder on the left
  • Select Certificates
  • Search for eDellRoot
Once found, right-click over eDellRoot and hit "Remove." It appears to be gone, but actually it's not.

Reboot your computer and reopen certmgr.msc and search for the certificate "eDellRoot". Yeah, the removed root CA cert is back.

What Should You do? How to Remove?


It seems that even if the certificate is clearly fraudulent, Google Chrome and Microsoft Edge and Internet Explorer browsers always establish an encrypted Web session with no warnings.

But fortunately, Mozilla's Firefox web browser generates an alert warning that the certificate was not trusted.

So, Dell customers with new XPS, Precision, and Inspiron models are advised to use Firefox to browse the web.

To fix the issue completely, Dell users will need to manually revoke the certificate permissions, which is a complex and technically demanding task.

Moreover, security researcher Darren Kemp from Duo Security says that the problem may be even worse than what Nord suggested.

According to an analysis done by Kempa, a bundled plugin re-installs the root CA file when it is removed. So, to remove the eDellRoot certificate completely, you must:
  • First delete Dell.Foundation.Agent.Plugins.eDell.dll from your system
  • Then remove the eDellRoot root CA certificate

Dell's Response


In a statement, a Dell spokesperson said the company is investigating the report and looking into the certificate, but emphasized the company’s policy of minimizing pre-loaded software for security reasons.

Comments

Post a Comment

Popular posts from this blog

Best Web Design Company in Pondicherry

By
#Technology    has two faces. We all feel it, but sometimes can’t find words to describe it.  #Ebooks    are the best example to show the 0-1 nature of emotions the  #technology  evokes. #itwhere    provide a  #Best     #solutions    to  #Growyourbusiness    feel free to drop a  #Mail    info@itwheretech.co.in www.itwheretech.co.in 
5 comments
Read more

Phoenix OS is (another) Android-as-a-desktop

By
Google Android may have been developed as a smartphone operating system (and later ported to tablets, TVs, watches, and other platforms), but over the past few years we’ve seen a number of attempts to turn it into a desktop operating system. One of the most successful has been  Remix OS , which gives Android a taskbar, start menu, and an excellent window management system. The Remix OS team has also generated a lot of buzz over the past year, and this week the operating system gained a lot of new alpha testers thanks to a  downloadable version of Remix OS  that you can run on many recent desktop or notebook computers. But Remix OS isn’t the only game in town.  Phoenix OS  is another Android-as-desktop operating system, and while it’s still pretty rough around the edges, there are a few features that could make it a better option for some testers. Some background I first discovered Phoenix OS from  a post in the Remix OS Google Group , although I’ve also found mentions of th
3 comments
Read more

How ad-free subscriptions could solve Facebook

By
At the core of Facebook’s “well-being” problem is that its business is directly coupled with total time spent on its apps. The more hours you pass on the social network, the more ads you see and click, the more money it earns. That puts its plan to make using Facebook healthier at odds with its finances, restricting how far it’s willing to go to protect us from the harms of over use. The advertising-supported model comes with some big benefits, though. Facebook CEO Mark Zuckerberg has repeatedly said that “We will always keep Facebook a free service for everyone.” Ads lets Facebook remain free for those who don’t want to pay, and more importantly, for those around the world who couldn’t afford to. Ads pay for Facebook to keep the lights on, research and develop new technologies, and profit handsomely in a way that attracts top talent and further investment. More affluent users with more buying power in markets like the US, UK, and Canada command higher ad prices, effectively
1 comment
Read more

So, when will your device actually get Android Oreo?

By
Google officially just took the wraps off of Android Oreo, but there are still some questions left to be answered — most notably, precisely when each device will be getting the latest version of the mobile operating system. Due to Android’s openness and a variety of different factors on the manufacturing side, it’s not an easy question to answer, but we’ll break it down best we can. First the good news: If your device was enrolled in the Android Beta Program, you’ll be getting your hands on the final version of the software “soon,” according to Google. Exactly what that means remains to be seen, but rest assured that you’ll be one of of the first people outside of Google to take advantage of picture-in-picture, notification dots and the like. No big surprise, Google handsets will be the first non-beta phones to get the update. The Pixel, Nexus 5X and 6P are at the top of the list, alongside Pixel C tablet and ASUS’s Nexus Player set-top box, which will be receiving the upgrade i
Post a Comment
Read more

Engineering against all odds, or how NYC’s subway will get wireless in the tunnels

By
Never ask a wireless engineer working on the NYC subway system “What can go wrong?” Flooding, ice, brake dust, and power outages relentlessly attack the network components. Rats — many, many rats — can eat power and fiber optic cables and bring down the whole system. Humans are no different, as their curiosity or malice strikes a blow against wireless hardware (literally and metaphorically). Serverless software deployment to the cloud, this is not. New York City officially got wireless service in every underground subway station a little more than a year ago, and I was curious what work went into the buildout of this system as well as how it will expand in the future. That curiosity is part of a series of articles I’ve written on an observed pattern known as cost disease, the massively inflating costs of basic human services like health care, housing, infrastructure, and education. The United States spends trillions of dollars on each of these fields, massively outspending sim
Post a Comment
Read more