Older Dell devices also affected by dangerous eDellRoot certificate

The problematic Dell Foundation Services tool might have updated itself on systems bought before August

Users of Dell Windows-based laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate that can compromise their private communications.

The certificate was installed by Dell Foundation Services (DFS), an application that Dell preloads on many of its devices in order to ease customer service and technical support functions.

After the certificate's existence came to light earlier this week, Dell said that it started deploying the certificate through a Dell Foundation Services version released in August. This led many people to believe that only Dell devices bought since August were affected.

That's not true. Older devices that had Dell Foundation Services (DFS) installed might also have the certificate, if the tool was configured to receive automatic updates. A Dell Venue Pro 11 convertible Windows tablet in PCWorld's possession that was bought in April was affected.

"For those customers who already had Dell Foundation Services and opted in to updates, the eDellRoot certificate was part of versions 2.2/2.3 issued starting in August," a Dell representative confirmed Wednesday via email.

"When you install DFS, it asks if you want to receive automatic updates," the representative said. "Our customers who choose 'yes' receive the automatic updates."

However, since DFS comes preloaded on many systems it's unclear at which point the user has to opt in to automatic updates. According to the tool's release notes, it is compatible with devices from various product lines, including XPS, OptiPlex, Inspiron, Precision, Precision Tower, Vostro, Latitude and Venue Pro.

A second Dell self-signed root certificate called DSDTestProvider has also been found. This certificate was deployed on computers by the Dell System Detect (DSD) tool that users are prompted to install when they visit the Dell support website and click the "Detect Product" button.

This tool is not preloaded on computers and only users who visited the Dell support website between Oct. 20 and Nov. 24 were potentially prompted to download a DSD version that included the certificate. Even if users had this application installed on their computers from previous visits to the Dell support website, DSD does not update itself automatically without the user visiting the website again and agreeing to install the latest version, according to the Dell representative.

Dell has provided a removal tool and published manual removal instructions for both the eDellRoot and DSDTestProvider. Users can check if they have these certificates on their systems by pressing the Windows key + r, typing certlm.msc and hitting Run. After allowing the Microsoft Management Console to execute, they can look for them in the Trusted Root Certification Authorities > Certificates list.

Join the CSO newsletter!

Error: Please check your email address.

Tags desktop PCDellPCsecurityComponentstabletslaptopseRoot certification

More about DellMicrosoftPrecision

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place