There is a second major security vulnerability in Dell computers
The new issue is caused by Dell System Detect, a tool provided by Dell to help provide customer support, the company told Business Insider. It means that attackers can stage a man-in-the-middle attack - impersonating websites to trick users into giving up their passwords, banking details, and other sensitive data.It stems from a security certificate that comes is included in Dell System Detect. It includes its "private keys" which hackers could use to pretend to be a website without triggering web browser alarms designed to spot this kind of fraud.
The new dodgy certificate was discovered by LaptopMag, and the certificate in question is called DSDTestProvider.Man-in-the-middle attacks typically take place with the attacker on the same Wi-Fi network as the victim - such as a public coffee shop connection. In a blog post about the first Dell vulnerability, Errata Security CTO Robert Graham said that "if I were a black-hat hacker, I'd immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone's encrypted communications. I suggest 'international first class,' because if they can afford $10,000 for a ticket, they probably have something juicy on their computer worth hacking."
He continued: "I point this out in order to describe the severity of Dell's mistake. It's not a simple bug that needs to be fixed, it's a drop-everything and panic sort of bug. Dell needs to panic. Dell's corporate customers need to panic."The vulnerability doesn't just put customers' data at risk of theft - it could apparently also be used to install malware on their devices. "An attacker can impersonate web sites and other services, sign software and email messages, and decrypt network traffic and other data," says a vulnerability report about the issue. "Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software."The first issue appears to have affected computers sold by Dell from August 2015 onwards. A Dell spokesperson told Business Insider that it affects customers "who used the "detect product" functionality on our support site between Oct. 20 and Nov. 24, 2015." The company is now planning to release a software fix to "address the issue."
In a statement, Dell said: "When we became aware of [earlier vulnerability] eDellRoot earlier this week, we immediately dug into all our applications that get loaded on Dell PCs. We can confirm we have found no other root certificates on the factory installed PC image. What we did find was that the Dell System Detect application and its DSDTestProvider root certificate had similar characteristics to eDellRoot."
It says the DSDTestProvider was intended "to make it faster and easier for our customers to get support."
If any of this sounds familiar, it's because it is: A similar issue affected Lenovo devices earlier this year. The computer manufacturer also left users vulnerable to interception - in that case, to insert adverts into webpages.
NOW WATCH: Google's self-driving car has a huge problem
- Airtel's India business is back in the black after a very long time
- Sequoia and PayPal-backed Pine Labs completes a first close of $285 million funding round from new investors
- BJP spent significantly less on advertising during Kerala elections this year, its ad insertions on TV, Radio and Print decreased from 21% in 2016 to 1% in 2021
- Google I/O 2021: Here's what to expect from Google's biggest annual conference
- ISRO announces its decision to share technology to make portable medical oxygen concentrators developed by VSSC