Barely a day after Dell announced it was fixing a major security flaw on its recently shipped PCs, a second one has been discovered in the form of a self-signed root certificate.
Nearly identical to the previous issue, the DSDTestProvider certificate comes preinstalled along with its own private key on some Dell Inspiron and XPS models.
The DSDTestProvider certificate is installed through the Dell System Detect tool into the Trusted Root Certificate Store on newer systems. Since it includes its own private key, it can be used by attackers to generate false certificates for malicious websites and trick affected Dell systems into trusting their HTTPS connection.
This could be exploited by hackers to intercept users’ Web traffic to capture their credit card details and passwords or install malware on their computers.
In addition to being injected into users’ systems without their knowledge, a major problem with such manufacturer-installed certificates is that they might be tied to the computer’s BIOS and therefore pose a bit of a challenge to remove completely.
While Dell has acknowledged the existence of the eDellRoot certificate that was discovered earlier and issued a fix, it has yet to do so for the DSDTestProvider certificate. It’s unclear as to why the company didn’t release instructions and a software update to remove both potentially dangerous certificates the first chance it got.
Update: Dell has released a downloadable tool that removes both root certificates that you can grab here.
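To check a Windows machine for the condition described above, the following PowerShell snippet (an added example, not from the article or from Dell) lists certificates in the Trusted Root stores whose subject contains one of the two names mentioned here, and also flags any root certificate that is stored together with a private key. Matching on subject text is an assumption, since the article gives no thumbprints; the script only reads the stores and removes nothing.

```powershell
# Certificate names taken from the article; matched against the subject text (assumption).
$knownBad = 'DSDTestProvider', 'eDellRoot'

# Trusted Root stores for the machine and for the current user.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store) {
        # Which of the known names, if any, appear in this certificate's subject.
        $nameHit = $knownBad | Where-Object { $cert.Subject -like "*$_*" }

        # A trusted root whose private key sits on the endpoint can be used
        # to sign certificates that this machine will accept, so flag it
        # even when the name is not one of the two above.
        if ($nameHit -or $cert.HasPrivateKey) {
            [pscustomobject]@{
                Store         = $store
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
                Reason        = if ($nameHit) {
                                    "subject matches $($nameHit -join ', ')"
                                } else {
                                    'private key present in a root store'
                                }
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No matching certificates and no root certificates with private keys found.'
}
```

Run it from a PowerShell prompt on the affected machine and review each finding against the vendor's removal instructions before deleting anything.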
➤ A second dangerous Dell root certificate discovered [Computerworld]
Published November 25, 2015 — 09:11 UTC