There have been concerns about the security of Dell System Detect before, Malwarebytes has an article about it from April mentioning that it was vulnerable to a remote code execution vulnerability. After googling what DSD might be I quickly found it. This new certificate is not covered by Dell's removal instructions yet.ĭell has issued an official statement on their blog and in the comment section a user mentioned this DSDTestProvider certificate. My online test now checks both certificates. Unlike the Dell Foundations Services this one does not need a Dell computer to be installed, therefore it was trivial to extract the certificate and the private key. It is named DSDTestProvider and comes with a software called Dell System Detect. I just found out that there is a second root certificate installed with some Dell software that causes exactly the same issue. Update (): Second Dell root certificate DSDTestProvider Image source and license: Wistula / Wikimedia Commons, Creative Commons by 3.0 This article is mostly a translation of a German article I wrote for. Similar vulnerabilities were found in other software products, for example in Privdog and in the ad blocker Adguard. After that incident several other programs with the same vulnerability were identified, they all used a software module called Komodia. It used a root certificate for that and the corresponding private key was part of the software. Superfish intercepts HTTPS-connections to inject ads. Earlier this year it became public that Lenovo had preinstalled a software called Superfish on its Laptops. This incident is almost identical with the Superfish-incident. You also need to remove the file .eDell.dll, Dell has now posted an instruction and a removal tool. The "eDellRoot" certificate can be found under "Trusted Root Certificate Authorities". The certificate manager can be started by clicking "Start" and typing in "certmgr.msc". Affected users should immediately remove the certificate in the Windows certificate manager. Users of Dell laptops can check if they are affected with an online check tool. Not affected are Firefox-users, Mozilla's browser has its own certificate store. Among the common Windows browsers this affects the Internet Explorer, Edge and Chrome. In that case Dell wouldn't have installed the private key on the system.Īffected are only users that use browsers or other applications that use the system's certificate store. ![]() However it seems unliklely that it was placed there deliberately for surveillance purposes. It is currently unclear which purpose this certificate served. We asked Dell for a statement three weeks ago and didn't get any answer. I was made aware of this issue a while ago by Kristof Mattei. This is a compromise in the implementation that allows the operation of so-called TLS interception proxies. Even HTTP Public Key Pinning (HPKP) does not protect against such attacks, because browser vendors allow locally installed certificates to override the key pinning protection. Every attacker can use this root certificate to create valid certificates for arbitrary web pages. A user of the plattform Reddit has posted the Key there.įor users of the affected Laptops this is a severe security risk. However this provides no real protection, there are Tools to export such non-exportable certificate keys. The private key of this certificate is marked as non-exportable in the Windows certificate store. According to the somewhat unclear description from Dell it is used to provide "foundational services facilitating customer serviceability, messaging and support functions". This software is still available on Dell's webpage. The certificate, which is installed in the system's certificate store under the name "eDellRoot", gets installed by a software called Dell Foundation Services. Therefore attackers can use Man in the Middle attacks against Dell users to show them manipulated HTTPS webpages or read their encrypted data. ![]() The private key is also installed on the system and has been published now. It seems that Dell hasn't learned anything from the Superfish-scandal earlier this year: Laptops from the company come with a preinstalled root certificate that will be accepted by browsers. I've provided an online check, affected users should delete the certificate. That completely compromises the security of encrypted HTTPS connections. Tl dr Dell laptops come preinstalled with a root certificate and a corresponding private key.
0 Comments
Leave a Reply. |