Emerging Threats

Some Dell computers found vulnerable to man-in-the-middle attacks due to root certificate vulnerability


Authored by a Symantec employee

 

It has been recently discovered that some Dell computers are vulnerable to man-in-the-middle attacks because of an issue with a root certification authority. Root certificates help your web browser verify that websites you visit are legitimate and are who they say they are. Your web browser comes prepopulated with a number of root certificates from globally-trusted certification authorities such as Symantec, but additional root certificates can be added by hardware or software manufacturers.

Dell installs one of these certificates, eDellRoot, on a number of its computers, along with the private decryption key. Because the private key ships alongside the certificate, anyone who obtains it can issue certificates that the affected computers will trust. As a result, this vulnerability can leave computers open to man-in-the-middle attacks. A man-in-the-middle (MITM) attack is akin to eavesdropping: an attacker gets in between computer A and computer B (a server or website) and intercepts the data being sent between them.

In addition to man-in-the-middle attacks, the eDellRoot certificate authority and private key can also allow attackers to make malware look as if it were coming from a legitimate company, but it will only look legitimate to computers with eDellRoot installed.

Symantec tested Dell computers and found that the eDellRoot certificate authority was present on the following models:

  • Inspiron 7000 (laptop and desktop)
  • Dell Orchid Touch
  • Dell t4034

Dell addressed the issue and provided removal instructions to correct the problem. Dell will be issuing a software update in the future to check for the certificate and remove it.
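The check described above can be run by hand. The following PowerShell is an added example, not code from Dell or Symantec: it looks for eDellRoot by name in the Windows trusted-root stores and, going one step beyond this specific case, also reports any other trusted root whose private key is stored on the machine. The name match on the string `eDellRoot` is an assumption about how the certificate's subject appears in the store.

```powershell
# Added example: audit the Windows trusted-root stores for eDellRoot and for
# any other trusted root certificate that has its private key stored locally.
# Assumption: the certificate's Subject or Issuer contains the text "eDellRoot".
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $nameMatch = ($_.Subject -match 'eDellRoot') -or ($_.Issuer -match 'eDellRoot')

        # A trusted root normally holds only the public certificate. A private
        # key next to it means certificates can be signed from this machine.
        if ($nameMatch -or $_.HasPrivateKey) {
            $reason = 'trusted root with a local private key'
            if ($nameMatch) { $reason = 'eDellRoot name match' }

            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey
                Reason        = $reason
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Store, Subject | Format-List
    Write-Warning ("{0} trusted root entries need review." -f @($findings).Count)
} else {
    Write-Output 'No eDellRoot entry and no trusted root with a local private key was found.'
}
```

Any entry reported with the eDellRoot name match should be handled with the removal instructions Dell provided.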

