SecurityWeek

Second Root Certificate, Tracking Issue Found on Dell PCs

After news broke that Dell desktop and laptop computers include a self-signed root certificate that can be exploited for man-in-the-middle (MitM) attacks, experts found a second such certificate, along with a security issue that can be leveraged to track users.

Experts discovered last week that Dell commercial and consumer systems running an application called Dell Foundation Services included a root certificate, eDellRoot, and its private key. An MitM attacker could have exploited this weakness to intercept HTTPS communications and steal sensitive data or serve malware to the victim.

Dell said it had been shipping the root certificate with Dell Foundation Services updates since August. The certificate was used to allow online support staff to identify the computer model when helping customers.

After security experts raised the alarm, Dell provided instructions on how to remove eDellRoot and started pushing out new updates designed to delete the certificate.

The incident reminded many of the Lenovo Superfish adware discovered earlier this year. Ironically, Dell has been using the Superfish story to advertise its laptops, claiming that all preinstalled software undergoes security and privacy testing.

It turns out that there is a second certificate on Dell devices that can be exploited by MitM attackers. According to researchers, Dell System Detect, a support app preloaded on many PCs, installs a root certificate named DSDTestProvider into the Trusted Root Certification Authorities store in Windows.

This certificate also includes the private key, which means malicious actors could generate rogue certificates and use them to impersonate websites, sign software, and decrypt network traffic, CERT/CC said in an advisory. Dell says it’s currently investigating the issue of the DSDTestProvider certificate.
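For administrators who want to check a Windows machine for the two certificates named above, the following PowerShell audit is an added example, not code from Dell, CERT/CC or the researchers. It matches on certificate subject name only, because the article gives no thumbprints, and it goes one step further than the two names by flagging any trusted root whose private key is present on the machine. The function name `Get-SuspectRootCertificate` is hypothetical.

```powershell
# Added example: audit the Windows trusted-root stores for the certificates
# named in the article (eDellRoot, DSDTestProvider) and for any other trusted
# root that has its private key stored locally. Read-only: nothing is removed.

$namedRoots = @('eDellRoot', 'DSDTestProvider')            # names taken from the article
$rootStores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

function Get-SuspectRootCertificate {                       # hypothetical helper name
    param(
        [string[]]$StorePath = $rootStores,
        [string[]]$Name      = $namedRoots
    )
    $simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    foreach ($path in $StorePath) {
        foreach ($cert in Get-ChildItem -Path $path) {
            # Compare the subject's common name exactly (case-insensitive),
            # rather than substring-matching the whole distinguished name.
            $cn      = $cert.GetNameInfo($simpleName, $false)
            $isNamed = $Name -contains $cn
            # A root CA in the trust store should never have its private key
            # on the endpoint; that is the weakness the article describes.
            if ($isNamed -or $cert.HasPrivateKey) {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey
                    Reason        = if ($isNamed) { 'named in article' }
                                    else { 'trusted root with local private key' }
                }
            }
        }
    }
}

$findings = @(Get-SuspectRootCertificate)
if ($findings.Count -eq 0) {
    Write-Output 'No matching root certificates found.'
} else {
    $findings | Format-Table -AutoSize
}
```

A subject-name match is only a lead: confirm any hit against the vendor's published removal instructions before deleting it from the store.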

This is not the first time experts have found a security issue related to Dell System Detect. Earlier this year, researcher Tom Forbes reported that older versions of the application were vulnerable to remote code execution attacks, which led to Malwarebytes classifying the tool as a potentially unwanted program (PUP).

On Monday, a researcher reported finding another privacy issue related to Dell Foundation Services. The expert, known online as “Slipstream,” discovered that any website can obtain a device’s service tag, which Dell uses to obtain information on a product’s technical specifications and warranty.

A proof-of-concept site set up by Slipstream shows how easily websites can track Dell Foundation Services users. The information obtained from the service tag can be used by malicious actors to trick victims into thinking they are Dell support technicians, F-Secure’s Mikko Hypponen told Motherboard.

Cloud-based access security provider Duo Security has also identified a certificate-related issue. Experts found that an attacker could have obtained a code signing certificate shipped by Dell with its Bluetooth management software. The certificate expired in 2013, but Duo says there was a period of at least 11 days when the certificate could have been abused.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
