There is a second major security vulnerability in Dell computers
The new issue is caused by Dell System Detect, a tool provided by Dell to help provide customer support, the company told Business Insider. It means that attackers can stage a man-in-the-middle attack - impersonating websites to trick users into giving up their passwords, banking details, and other sensitive data.
It stems from a security certificate that is included in Dell System Detect. The certificate ships with its "private keys," which hackers could use to pretend to be a website without triggering web browser alarms designed to spot this kind of fraud.
This is the second such issue discovered in Dell computers just this week: An earlier security certificate "intended to make it faster and easier for customers to service our systems" also left customers vulnerable. Dell has since released an app that will delete the compromising certificate, and also published instructions on how to do it manually. Both are available here.
The new dodgy certificate was discovered by LaptopMag, and the certificate in question is called DSDTestProvider.
Man-in-the-middle attacks typically take place with the attacker on the same Wi-Fi network as the victim - such as a public coffee shop connection. In a blog post about the first Dell vulnerability, Errata Security CTO Robert Graham said that "if I were a black-hat hacker, I'd immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone's encrypted communications. I suggest 'international first class,' because if they can afford $10,000 for a ticket, they probably have something juicy on their computer worth hacking."
He continued: "I point this out in order to describe the severity of Dell's mistake. It's not a simple bug that needs to be fixed, it's a drop-everything and panic sort of bug. Dell needs to panic. Dell's corporate customers need to panic."
The vulnerability doesn't just put customers' data at risk of theft - it could apparently also be used to install malware on their devices. "An attacker can impersonate web sites and other services, sign software and email messages, and decrypt network traffic and other data," says a vulnerability report about the issue. "Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software."
The first issue appears to have affected computers sold by Dell from August 2015 onwards. A Dell spokesperson told Business Insider that it affects customers "who used the "detect product" functionality on our support site between Oct. 20 and Nov. 24, 2015." The company is now planning to release a software fix to "address the issue."
In a statement, Dell said: "When we became aware of [earlier vulnerability] eDellRoot earlier this week, we immediately dug into all our applications that get loaded on Dell PCs. We can confirm we have found no other root certificates on the factory installed PC image. What we did find was that the Dell System Detect application and its DSDTestProvider root certificate had similar characteristics to eDellRoot."
It says the DSDTestProvider was intended "to make it faster and easier for our customers to get support."
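As an added example (not code from Dell or from this article), the following PowerShell audit reports whether either certificate named above is present in the Windows certificate stores and whether a private key is stored alongside it. Matching on the subject common name or friendly name is an assumption; the article gives no thumbprints, so none are used.

```powershell
# Added example: report-only audit for the two Dell certificates named in the article.
# Assumption: the certificates can be identified by subject CN or friendly name.
$names  = 'eDellRoot', 'DSDTestProvider'
$stores = 'Cert:\LocalMachine', 'Cert:\CurrentUser'

$findings = foreach ($store in $stores) {
    # -Recurse walks every store (Root, My, TrustedPublisher, ...) under the location.
    Get-ChildItem -Path $store -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_
            foreach ($name in $names) {
                if ($cert.Subject -like "*CN=$name*" -or $cert.FriendlyName -eq $name) {
                    [pscustomobject]@{
                        Name          = $name
                        Store         = $cert.PSParentPath
                        Thumbprint    = $cert.Thumbprint
                        HasPrivateKey = $cert.HasPrivateKey   # key material present on this machine
                        NotAfter      = $cert.NotAfter
                    }
                }
            }
        }
}

if ($findings) {
    $findings | Sort-Object Store | Format-List
    Write-Warning ("Found {0} matching certificate(s). Remove them with Dell's tool or manual instructions." -f @($findings).Count)
} else {
    Write-Output 'Neither eDellRoot nor DSDTestProvider was found in the machine or user certificate stores.'
}
```

The script only reads the stores and changes nothing. Run it from an elevated prompt so that all machine stores are readable.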
If any of this sounds familiar, it's because it is: A similar issue affected Lenovo devices earlier this year. The computer manufacturer also left users vulnerable to interception - in that case, to insert adverts into webpages.