According to a Reddit contributor, the certificate from a trusted authority installed as root on certain Dell laptops is similar to the Superfish adware present on Lenovo machines, which exposes users to so-called man-in-the-middle attacks .
Called eDellRoot, the certificate issued by a trusted third party of the same name is part of the elements preloaded as standard on the latest Dell machines. According to a Reddit contributor, who goes by the pseudonym rotocowboy, this certificate could have disastrous consequences. “For those who don’t know how it works, an attacker can use this certificate authority to sign their own fake certificates and use them on real sites. Everything happens without the knowledge of the user unless it occurs to him to check the chain of certificates of the site. This CA could also be used to sign code intended to run on the machines, but I have not yet explored this possibility,” he wrote.
According to programmer Joe Nord, who also owns a Dell computer, “the eDellRoot certificate is very open, which means it has more privileges than a DigiCert certificate,” also installed on his machine. “I absolutely need to know if I can trust the certificate installed as root on my Dell computer,” he wrote on his blog. The manufacturer has not yet responded to a request for an explanation on eDellRoot. It also doesn’t say if there’s anything to worry about. Nevertheless, DellCares, who responded to rotocowboy via his Twitter account, promises to look into the matter. “We understand your situation. We will ask our product teams to explain to us why eDellroot is on your machine,” the tweet read. It is not known if the CA was installed by Dell or an authorized partner to pre-install the software on the machine or if it was introduced by an attacker who infiltrated Dell’s production line.
An adware similar to Superfish
In his post, Joe Nord included a screenshot that reads the certificate description: “You have a private key associated with this certificate.” Except that, according to the programmer, a computer should never host the private key that corresponds to a root certificate authority. “Only the computer from which the certificate originates can host a private key and this computer must be… very well protected! According to Joe Nord, it is impossible to say whether the manufacturer himself installed this certificate. “Root certificates are always self-signed, so all we can know is that eDellRoot says eDellRoot is legit,” he explains. “The problem is that the private key is present on my computer. And this is completely abnormal and disturbing”.
Both Joe Nord and rotocowboy fear that eDellRoot looks like the Superfish adware discovered on Lenovo computers earlier this year. Superfish created a proxy for HTTPS connections between websites and users’ computers, allowing data to be inserted into every page the machine downloaded. Also, Superfish used the same certificate on all Lenovo machines, and the private key for the certificate was easy to retrieve. In a message posted on Twitter, Mikko Hypponen, the research director of F-Secure, also linked Superfish to eDellRoot. He also points out that “Dell created its #eDellRoot certificate six months after the Lenovo Superfish scandal”. Adding: “They learned no lesson from this event”.
