eDellRoot : Dell says that it will release a tutorial for removing the rogue CA from PCs/Laptops
After we had broken the story about Dell PCs and laptops shipping with a rogue CA, thanks to input from rotorcowboy and Joe Nord, there was a huge outcry, and following that Dell had to agree that its PCs and laptops were indeed shipping with a self-signed security hole. However, it has clarified that only Dell PCs and laptops shipped from August 2015 onward have the rogue CA installed on them.
Further, Dell says it will publish a guide to remove the web security backdoor it installed in its Windows laptops and desktop PCs.
According to Dell, only the new models from the XPS, Precision and Inspiron families have the self-signed, root-level rogue CA called eDellRoot installed on them. As of now Dell has not clarified what this eDellRoot certificate can do or why it shipped its PCs/laptops with the rogue CA.
According to experts, the rogue CA is bundled with its private key, which can be used by malicious actors to launch man-in-the-middle attacks. Potential hackers can also use the certificate and the key to intercept and decrypt web traffic. Once done, the hacker could have access to the victim’s usernames, passwords (including banking/credit card details) and overall web history.
As Joe Nord emphasised in his web post, the rogue CA has been installed by Dell engineers at root level and cannot be deleted by simple means. Another user on Reddit advised that to remove the rogue CA completely one has to delete the .DLL plugin shipped with it as well.
Dell said in a statement that it will publish a step-by-step tutorial for Dell PC and laptop owners to remove the rogue CA completely from their PCs. It also said that future Dell PCs and laptops will not ship with eDellRoot. The statement released to the media says:
The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience. Unfortunately, the certificate introduced an unintended security vulnerability.
If you own a Dell PC or laptop and are worried about having such a security hole on your PC, you need to wait for Dell to issue the removal tool. Advanced users may delete the .DLL – Dell.Foundation.Agent.Plugins.eDell.dll – as well as the eDellRoot certificate and safeguard their PCs/laptops. You can use the Windows certificate manager to view/delete the rogue CA.
Those users who don't know how to check root-level certificates, or whether their PCs/laptops have eDellRoot installed on them, can check here and find out.
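The check and the manual removal described above can be scripted. The following PowerShell is an added example written for this article, not Dell's tool or code from the original post. It assumes the certificate can be matched by its Subject containing "eDellRoot" (the article gives only the name, not a thumbprint) and that the plugin DLL lives somewhere under the standard Program Files directories; both are assumptions, and the script only reports until Remove-EDellRoot is called explicitly.

```powershell
# Added example (not from the article or from Dell): audit a Windows machine for the
# eDellRoot root certificate and the Dell.Foundation.Agent.Plugins.eDell.dll plugin the
# article names, then optionally remove both. Run from an elevated PowerShell prompt.
# ASSUMPTIONS: the certificate is matched by its Subject containing "eDellRoot"; the
# DLL search roots are a guess, adjust them if Dell installed elsewhere.

function Get-EDellRootCertificate {
    # Look in both the machine-wide and the per-user trusted root stores.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like '*eDellRoot*' } |
            ForEach-Object {
                [PSCustomObject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # A trusted root whose private key is present on the box is the real
                    # problem: whoever extracts it can sign certificates this PC trusts.
                    HasPrivateKey = $_.HasPrivateKey
                    PSPath        = $_.PSPath
                }
            }
    }
}

function Get-EDellPluginDll {
    # ASSUMPTION: the plugin is under one of the Program Files trees.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Filter 'Dell.Foundation.Agent.Plugins.eDell.dll' `
            -Recurse -File -ErrorAction SilentlyContinue
    }
}

function Remove-EDellRoot {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $certs = @(Get-EDellRootCertificate)
    $dlls  = @(Get-EDellPluginDll)

    if (-not $certs -and -not $dlls) {
        Write-Host 'eDellRoot certificate and plugin DLL not found; nothing to do.'
        return
    }

    foreach ($cert in $certs) {
        if ($PSCmdlet.ShouldProcess($cert.PSPath, 'Remove certificate and its private key')) {
            # -DeleteKey (PowerShell 3.0+) removes the private key material as well,
            # not just the certificate entry.
            Remove-Item -Path $cert.PSPath -DeleteKey
        }
    }

    foreach ($dll in $dlls) {
        if ($PSCmdlet.ShouldProcess($dll.FullName, 'Delete plugin DLL')) {
            # If the file is locked by Dell's support service the delete fails;
            # stop that service (or reboot) and re-run.
            Remove-Item -Path $dll.FullName -Force
        }
    }
}

# Report only; nothing is removed until Remove-EDellRoot is invoked.
Get-EDellRootCertificate | Format-Table Store, Subject, HasPrivateKey, NotAfter -AutoSize
Get-EDellPluginDll       | Select-Object FullName, Length, LastWriteTime

# Preview what would be removed, then do it for real:
#   Remove-EDellRoot -WhatIf
#   Remove-EDellRoot
```

The HasPrivateKey column is the detail worth checking: a root certificate that merely sits in the store is a trust problem, but one whose private key is also on the machine is the man-in-the-middle risk the article describes. Removing the certificate alone is not enough, which is why the script also hunts for the plugin DLL the Reddit user pointed to; re-run the report after a reboot to confirm neither has come back.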