After Lenovo and Samsung, it looks like Dell is the latest Windows PC maker which pre-installs software that could be possibly compromising the user’s security. According to several user reports, Dell is shipping the Inspiron 5000 and XPS 15 with a self-signed security certificate: eDellRoot. The worst thing about this security certificate is that it is the same on every system, which means, attackers can easily attack all Dell PCs with this certificate’s private key. It is worth noting that The Verge was able to detect the same security certificate on the XPS 13, which could possibly suggest that this is affecting quite a few Dell computers.
Yes, this is very similar to Lenovo’s Superfish exploit. The folks over at Engadget reached out to Dell, and got the following statement:
“Customer security and privacy is a top concern for Dell. We have a strict policy of minimizing the number of pre-load applications and assessing all applications for their security and usability. Dell has an extensive end-user security practice that develops capabilities and best practices to best protect our customers. We have a team investigating the current situation and will update you as soon as we have more information.”
This is, indeed, very concerning for users. Hopefully, other OEMs will start learning from Dell, Samsung, and obviously, Lenovo.
Image Credit: Ars Technica UK