Over the weekend it emerged that Dell’s been sending out machines with a potentially vulnerable root CA security certificate after its private key was leaked. Dell’s on it, but whatever manufacturer you use, there are a few things that you can learn from the situation about how to improve your online security.
Hot on the heels of the Lenovo Superfish situation, it’s been discovered that the root CA on certain Dell machines could potentially be compromised. The certificate is called ‘eDellRoot’. Dell says it was originally installed as part of a support tool, but it turns out that attackers could now use the certificate to carry out attacks on data, including decrypting sensitive user info.
Over the weekend reports were coming in thick and fast from users finding the vulnerable root CA certificate on models including newer Dell XPS, Precision and Inspiron desktops and notebooks. Although Dell originally played it down, they yesterday issued an apology and a fix, but continue to claim that – unlike Lenovo’s Superfish scandal – it’s nothing to do with adware.
The outcome of the leak is that attackers could potentially extract the private key from one machine, then start creating their own eDellRoot-signed certs and tricking Dell machines into accepting these fakes as legitimate websites. They could also do things like set up their own Wi-Fi hotspot in a café and nick info from Dell devices when users log into it, or pose as a legit website to get to your info (known as a man-in-the-middle attack).
Dell has been praised for apologising quickly, and is releasing a software update to get rid of the certificate; in the meantime you can test your computer to see if you’re vulnerable.
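One way to run that check from PowerShell, as an added example that is not from Dell or the original post: it looks in the Windows trusted-root stores for a certificate whose subject contains eDellRoot, and goes a little further by flagging any trusted root that is stored together with a private key. The function name Get-SuspectRootCert is made up for this example.

```powershell
# Added example: audit the Windows trusted-root stores for eDellRoot and for
# any root certificate that has a private key stored alongside it.
$namePattern = 'eDellRoot'   # certificate name as given in the article
# The CurrentUser view also shows machine-wide roots, so a hit may appear twice.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

function Get-SuspectRootCert {
    param(
        [string[]]$StorePath,
        [string]$Pattern
    )
    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }
        Get-ChildItem -Path $path | ForEach-Object {
            # -match is case-insensitive; Escape treats the name as literal text
            $nameHit = $_.Subject -match [regex]::Escape($Pattern)
            # A trusted root on an endpoint should hold only the public
            # certificate. A private key here means anyone who can export it
            # can sign certificates this machine will trust.
            if ($nameHit -or $_.HasPrivateKey) {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey
                    Reason        = if ($nameHit) { 'name match' } else { 'private key in root store' }
                }
            }
        }
    }
}

$findings = @(Get-SuspectRootCert -StorePath $stores -Pattern $namePattern)
if ($findings.Count -eq 0) {
    Write-Output 'No eDellRoot certificate or root certificate with a private key found.'
} else {
    $findings | Format-List
}
```

The script only reads the certificate stores and changes nothing, so it can be run again after Dell's update to confirm the certificate has gone.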
One way of guarding against this kind of problem in future is to remove all the pre-installed root certificates that come on your computer. It means that when you visit a website for the first time it’ll say it’s not trusted, but then all you have to do is take a closer look at the certificate to check who signed it; then go to the website of the company that signed it and download the root CA from there. Once you have it, any website you visit in future whose certificate is also signed by that root CA will be allowed.
Sounds like a bit of a faff but you shouldn’t need to do it too many times and it’s worth it to make sure stress like this doesn’t happen!
For more information on security certificates take a look at our website or give us a call on 0208 045 4945.