Older Dell devices also affected by dangerous eDellRoot certificate
- 26 November, 2015 18:44
Users of Dell Windows-based laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate that can compromise their private communications.
The certificate was installed by Dell Foundation Services (DFS), an application that Dell preloads on many of its devices in order to ease customer service and technical support functions.
After the certificate's existence came to light earlier this week, Dell said that it started deploying the certificate through a Dell Foundation Services version released in August. This led many people to believe that only Dell devices bought since August were affected.
That's not true. Older devices that had Dell Foundation Services (DFS) installed might also have the certificate, if the tool was configured to receive automatic updates. A Dell Venue Pro 11 convertible Windows tablet in PCWorld's possession that was bought in April was affected.
"For those customers who already had Dell Foundation Services and opted in to updates, the eDellRoot certificate was part of versions 2.2/2.3 issued starting in August," a Dell representative confirmed Wednesday via email.
"When you install DFS, it asks if you want to receive automatic updates," the representative said. "Our customers who choose 'yes' receive the automatic updates."
However, since DFS comes preloaded on many systems it's unclear at which point the user has to opt in to automatic updates. According to the tool's release notes, it is compatible with devices from various product lines, including XPS, OptiPlex, Inspiron, Precision, Precision Tower, Vostro, Latitude and Venue Pro.
A second Dell self-signed root certificate called DSDTestProvider has also been found. This certificate was deployed on computers by the Dell System Detect (DSD) tool that users are prompted to install when they visit the Dell support website and click the "Detect Product" button.
This tool is not preloaded on computers and only users who visited the Dell support website between Oct. 20 and Nov. 24 were potentially prompted to download a DSD version that included the certificate. Even if users had this application installed on their computers from previous visits to the Dell support website, DSD does not update itself automatically without the user visiting the website again and agreeing to install the latest version, according to the Dell representative.
Dell has provided a removal tool and published manual removal instructions for both the eDellRoot and DSDTestProvider. Users can check if they have these certificates on their systems by pressing the Windows key + r, typing certlm.msc and hitting Run. After allowing the Microsoft Management Console to execute, they can look for them in the Trusted Root Certification Authorities > Certificates list.