A number of Dell laptops are believed to have been shipped with an SSL certificate which is constantly generating security concerns. The SSL certificate comes preinstalled on the affected laptops and is misused by the hackers to spy on web traffic. This certificate is known as eDellRoot.
When informed about such vulnerabilities in the laptops, Dell said that they regret about the security concerns their laptops are causing and are taking steps to address them as soon as possible. Dell also claims that unlike Lenovo’s Superfish scare, its SSL certificate is never used for adware.
Dell has given clarifications on why they used an SSL certificate on its laptops. According to a Dell spokesperson, the intention was just to provide system service tags to Dell online support in order to identify the computer model quickly.
This certificate will not be able to collect personal customer information. Dell has now posted various instructions in order to help its users remove the certificate permanently from affected systems. The company is also going to publish a software update very soon that will check for the certificate on its own and removes it too.
There is yet no confirmation on how many machines are affected by this vulnerability, but few models like the Inspiron 5000, XPS 13 and XPS 15 are said to be affected by the preinstalled certificate.
Dell’s prompt responses are commendable but failed to learn from the mistakes made by Lenovo. It’s quite surprising when you notice Dell using the Lenovo’s Superfish scare as a marketing trick. A number of Dell’s PC pages have this question prompting on their screens “Worried about Superfish?”
Dell officials said that they take utmost care to test each application that is pre- loaded, with security, usability and privacy ensuring that the customers experience the best computing performance, reduced security and privacy concerns and faster set-up. The security testing is the only field that needs improvement as of now.