Dell has been accused of pre-installing a self-signed root certification authority (CA) certificate onto its laptops, drawing comparisons with the Superfish malware scandal that engulfed Lenovo earlier this year.
It has been labelled a serious security issue, as every Dell laptop carrying the rogue certificate shares the same private key and could be vulnerable to attackers.
A Reddit user, Hicks, said he discovered the ‘eDellRoot’ certificate on his new XPS 15 laptop while troubleshooting the machine, and said other Dell owners had found the same thing.
“This isn’t even a third-party application that placed it there; it’s from Dell’s very own bloatware. To add insult to injury, it’s not even apparent what purpose the certificate serves. At least with Superfish we knew that their rogue root CA was needed to inject ads into your web pages; the reason Dell’s is there is unclear.”
These claims were backed up by Joe Nord, a product manager for Citrix, who said he found the same certificate on a Dell Inspiron 5000 series laptop bought in October, while setting up the computer, and said his thoughts immediately turned to Superfish.
“The eDellRoot certificate is a trusted root that expires in 2039 and is intended for ‘All’ purposes. Notice that this is more powerful than the clearly legitimate DigiCert certificate just above it, which spikes more curiosity,” he said, noting upon closer inspection, the offending certificate stated “you have a private key that corresponds to this certificate.”
Nord said this clearly put users at risk: a user should never hold the private key corresponding to a root CA, which should be stored on the certificate-issuing machine and be well protected.
“Anyone possessing the private key which is on my computer is capable of minting certificates for any site, for any purpose and the computer will programmatically and falsely conclude the issued certificate to be valid.”
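The check Nord describes, a trusted root whose private key is present on the endpoint, can be audited on any Windows machine. The script below is an added example, not code from the article or from Dell; it reads the machine-wide and per-user Trusted Root stores, reports every root that has an associated private key, and flags a missing Enhanced Key Usage extension (which is what makes a certificate valid for ‘All’ purposes). The ‘eDellRoot’ subject string is the only value taken from the article; everything else is generic.

```powershell
# Added example (not from the article): audit Trusted Root stores for roots that carry a private key.
# A public root CA's private key should never be on an end-user machine; a root that has one lets
# whoever holds that key issue certificates this machine will trust. Run in an elevated PowerShell.

$storePaths = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
$ekuOid = '2.5.29.37'   # Enhanced Key Usage extension; absent => usable for all purposes

$findings = foreach ($path in $storePaths) {
    foreach ($cert in Get-ChildItem -Path $path) {
        # Root certificates are self-signed by definition, so Subject == Issuer is expected.
        # The abnormal condition is HasPrivateKey being $true for a trusted root.
        if (-not $cert.HasPrivateKey) { continue }

        $ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq $ekuOid }
        $purposes = if ($null -eq $ekuExt) {
            'All purposes (no EKU extension)'
        } else {
            ($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.FriendlyName }) -join ', '
        }

        [pscustomobject]@{
            Store       = $path
            Subject     = $cert.Subject
            Thumbprint  = $cert.Thumbprint
            SelfSigned  = ($cert.Subject -eq $cert.Issuer)
            NotAfter    = $cert.NotAfter
            Purposes    = $purposes
            # Subject match is a convenience flag for the case in the article; any hit matters.
            NamedEDell  = ($cert.Subject -like '*eDellRoot*')
        }
    }
}

if ($findings) {
    Write-Warning "Trusted root certificate(s) with a private key on this machine:"
    $findings | Format-Table -AutoSize
} else {
    Write-Host "No trusted root certificates carry a private key in the audited stores."
}
```

The script only reports. Because the article notes it is still unclear what installed the certificate, simply deleting the store entry is not enough on its own: whichever component placed it there could put it back, so the finding should be paired with identifying and removing that installer before treating the machine as clean.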
At this stage, it is unclear how the certificate came to be installed. Hicks says it is a result of Dell’s ‘bloatware’, but Nord said it could not be confirmed that Dell was responsible.
“While I do know that this certificate came pre-installed on the computer and I do know that it is named ‘Dell’, I do not actually know that this certificate came from Dell Computer Corporation,” said Nord. “Root certificates are always self-signed, so all I really know is that eDellRoot says eDellRoot is legit.”
TechWeekEurope has contacted Dell and will update this article if we receive a response. Hicks did speak to Dell on Twitter and was told it was a “trusted” certificate, although later correspondence suggested Dell was speaking to its product team to find out why the certificate was present.