Dell - Laptops are infected with Superfish-Like pre-installed Malware



Nordnet Baritof
2015-11-24 06:02:36


Similar to the Superfish malware that surrounded Lenovo laptops in February, another big computer manufacturer, Dell, has been spotted selling PCs and laptops pre-installed with a rogue SSL certificate that could allow attackers to impersonate any HTTPS-protected website and spy on users when they bank or shop online.

The rogue certificate, dubbed eDellRoot, was first discovered over the weekend by a software programmer named Joe Nord. The certificate is so creepy that it automatically re-installs itself even when removed from the Windows operating system.

Superfish 2.0: Unkillable Zombie

The self-signed Transport Layer Security (TLS) credential comes pre-installed as a root certificate on Dell PCs and laptops. Every copy is signed with the same private cryptographic key, which is stored locally on the machine.

That means an attacker with moderate technical skills can extract the key and abuse it to sign forged versions of TLS certificates for any HTTPS-protected site on the Internet, exposing users to all manner of SSL attacks.

The certificate key can be used to conduct man-in-the-middle (MITM) attacks on Dell owners, silently stealing user names, passwords, session cookies, and other sensitive information when the affected Dell machines are connected to malicious Wi-Fi hotspots in cafes, hospitals or airports.

The problem is similar to the scandal that hit Lenovo in February when the PC manufacturer was caught pre-installing an invasive adware program called Superfish with a similar self-signed cert to inject third-party advertisements into websites on browsers.

Although Dell's case is different as there is no indication that the certificate is being used to inject advertisements on the laptops, the resulting security issue is the same.

Affected PCs and Laptops

The self-signed certificate key was discovered to be pre-installed as a root certificate on at least three Dell laptop models:

  • Dell Inspiron 5000 series notebook
  • Dell XPS 15
  • Dell XPS 13

This indicates that the dangerous certificate may be present on a significant number of the Dell desktops and laptops currently on the market, specifically recent Dell Inspiron Desktop, XPS, and Precision M4800 and Latitude models.

To Check if Your Computer is Vulnerable

To discover the dangerous certificate:

  • Open up the Start menu
  • Select Run
  • Type certmgr.msc – the Windows certificate manager – into the box and hit Enter
  • Open up the Trusted Root Certification Authorities folder on the left
  • Select Certificates
  • Search for eDellRoot

Once found, right-click over eDellRoot and hit "Remove." It appears to be gone, but actually it's not.

Reboot your computer and reopen certmgr.msc and search for the certificate "eDellRoot". Yeah, the removed root CA cert is back.

What Should You do? How to Remove?

Even though the certificate is clearly fraudulent, it seems that the Google Chrome, Microsoft Edge and Internet Explorer browsers always establish an encrypted Web session with no warnings.

But fortunately, Mozilla's Firefox web browser generates an alert warning that the certificate was not trusted.

So, Dell customers with new XPS, Precision, and Inspiron models are advised to use Firefox to browse the web.

To fix the issue completely, Dell users will need to manually revoke the certificate permissions, which is a complex and technically demanding task.

Moreover, security researcher Darren Kemp from Duo Security says that the problem may be even worse than what Nord suggested.

According to an analysis done by Kemp, a bundled plugin re-installs the root CA file when it is removed. So, to remove the eDellRoot certificate completely, you must:

  • First delete Dell.Foundation.Agent.Plugins.eDell.dll from your system
  • Then remove the eDellRoot root CA certificate
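
The check and removal steps above can also be scripted. The following PowerShell is an added example, not code from the original article or from Dell; the function name Test-EDellRoot and the Program Files search location are assumptions, and it matches on the certificate name because the article gives no thumbprint.

```powershell
# Added example (not from the original article): audit for the eDellRoot root CA
# and the plugin that reinstalls it. Run from an elevated PowerShell prompt.
function Test-EDellRoot {
    param([switch]$Remove)   # -Remove follows the article's order: DLL first, then cert

    $certName   = 'eDellRoot'
    $pluginName = 'Dell.Foundation.Agent.Plugins.eDell.dll'

    # certmgr.msc opens the current user's view, which also lists machine-wide roots.
    # Assumption: a factory-installed root lives in the machine store, so query it directly.
    $certs = @(Get-ChildItem -Path 'Cert:\LocalMachine\Root' |
        Where-Object { $_.Subject -match "CN=$certName\b" })

    # Assumption: the plugin sits somewhere under the Program Files directories.
    $searchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ -and (Test-Path $_) }
    $plugins = @(Get-ChildItem -Path $searchRoots -Filter $pluginName -Recurse -File `
        -ErrorAction SilentlyContinue)

    foreach ($c in $certs) {
        # HasPrivateKey = True means the signing key itself is stored on this machine.
        [pscustomobject]@{
            Finding  = 'RootCertificate'
            Location = $c.PSParentPath
            Detail   = "$($c.Subject) thumbprint=$($c.Thumbprint) HasPrivateKey=$($c.HasPrivateKey)"
        }
    }
    foreach ($p in $plugins) {
        [pscustomobject]@{ Finding = 'ReinstallPlugin'; Location = $p.DirectoryName; Detail = $p.Name }
    }

    if ($Remove) {
        # Deleting only the certificate is not enough: the plugin puts it back.
        $plugins | Remove-Item -Force
        $certs   | Remove-Item
    }
}

Test-EDellRoot            # report only
# Test-EDellRoot -Remove  # then reboot and run the report again; it should return nothing
```

An empty report after a reboot is the signal that the certificate has not been reinstalled.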

Dell's Response

In a statement, a Dell spokesperson said the company is investigating the report and looking into the certificate, but emphasized the company’s policy of minimizing pre-loaded software for security reasons.

"Customer security and privacy is a top concern for Dell," the spokesperson said. "We've a team investigating the current [issue] and will update you as soon as we have more information."

Source: The Hacker News
