After discovering an unintentional vulnerability built into its laptops, Dell has released an apologetic statement and issued a free software removal tool for affected machines.
In a blog post, Dell officials wrote that its XPS 15, XPS 13 and Inspiron 5000 series notebooks came preinstalled with a root certificate named eDellRoot to allow its online support agents to quickly identify a customer's computer model for servicing.
"This certificate is not being used to collect personal customer information," a Dell spokesperson wrote to distance themselves from the Lenovo Superfish adware scare.
Attached to the statement, Dell also posted user instructions to permanently remove the problematic eDellRoot entity. First discovered by a programmer named Joe Nord, the preinstalled SSL certificate could have potentially allowed hackers to reverse-engineer a signing key and gain access to a user's computer through a public Wi-Fi hotspot.
By spoofing the SSL key, hackers could have also launched more sophisticated attacks over an unsafe website or internet access point to scrape passwords, credit card numbers and other sensitive information.
- Get the best anti-virus software
No comments:
Post a Comment