Dell has a Superfish-like certificate on their machines

[Techdude154]

A user on Reddit has found a certificate included on his recent Dell XPS 15 similar to the Superfish certificate used by Lenovo this year.

 

Here is the reddit thread:

https://www.reddit.com/r/technology/comments/3twmfv/dell_ships_laptops_with_rogue_root_ca_exactly/

 

 

I got a shiny new XPS 15 laptop from Dell, and while attempting to troubleshoot a problem, I discovered that it came pre-loaded with a self-signed root CA by the name of eDellRoot

 

 

 

An article was written about this as well from TechWeekeurope who have confirmed with a product manager from Citrix that the certificate was found on his Inspiron 5000 series:

 

 

These claims were backed up by Joe Nord, a product manager for Citrix, who said he found the same certificate on a Dell Inspiron 5000 series laptop bought in October while setting up his computer and said his thoughts immediately turned to superfish.

 

 

TechWeekeurope has attempted to contact dell and will update when they get a response

 

TechWeekEurope has contacted Dell and will update this article if we receive a response. Hicks did speak to Dell on Twitter and was told it was a “trusted” certificate, although later correspondence suggested Dell was speaking to its product team to find out why the certificate was present.

 

 

 

Here is the article:

http://www.techweekeurope.co.uk/security/firewall/superfish-like-rogue-certificates-found-pre-installed-dell-pcs-181034

 

It's unfortunate to see Dell go the way of Lenovo and install the certificate. Nobody actually knows what this one does yet, at least with Lenovo we saw it inject ads. We'll have to see what happens when dell responds. Personally I'm probably not going to buy any product from them again, which is something I would not like to do because I really like them.

 

*edit:

Here's another article from arstechnica

 

http://arstechnica.com/security/2015/11/dell-does-superfish-ships-pcs-with-self-signed-root-certificates/

[Kherm]

Don't worry, it expiresin 2039

[Altecice]

Im not buying this at all... Its a self signed certificate that has very limited access to do anything at all. Id guess that the only reason its there is to self sign DELL bloat-ware for automatic upgrades (to make sure its not been tampered with).

[TrigrH]

seems pretty fishy

[KemoKa]

Can we sue them for false advertising by omission?

Oh wait, then we would have done that to Lenovo...

[KemoKa]

seems pretty fishy

Very fishy indeed. You could even say that it's...

superfishy...

 

*incoming picard facepalm storm*

[Lethal Seraph]

Uh oh Dell. I'm actually surprised things hasn't been suspected from other pc companies after the shitstorm that Lenovo did.

[zMeul]

Lenovo started it, DELL followed .. wonder where HP stands  :lol:

[AlexGoesHigh]

FFS, WHY THE FUCK WOULD YOU COMPRISES YOUR CLIENTS WITH THAT SHIT, THIS IS HOW YOU GET PEOPLE TO NOT BUY YOUR FUCKING PRODUCT, NOR COMEBACK AFTERWARDS...

 

and then they fucking wonder why Apple macs still grow despite everyone selling less, jesus fuu- christ.

 

/rant

 

worst part for me is that the new XPS 15 is such a badass laptop ;_;

[ManWithBeard1990]

A certificate in and of itself doesn't seem that harmful to me, I'm not sure I understand the problem.

[NumLock21]

Lenovo started it, DELL followed .. wonder where HP stands  :lol:

Checking my HP now for eHPRoot... Nope don't have, got nothing with HP in it. Then it's obvious I've done a clean install without the bloat crap.

[LAwLz]

It is just a certificate used for encryption... It is not at all like the Spyware that was found on Lenovo laptops.

Edit: haha they included their private key with the cert? It's a massive fuckup that results in a big security hole, but it's still nothing like what Lenovo did.

[Jerakl]

It is just a certificate used for encryption... It is not at all like the Spyware that was found on Lenovo laptops.

 

Until more info is available this is my current stance on it.

 

 

 

I only really buy their monitors anyways.

[JoshB2084]

Ummm...Reformat your crappy Dell(no offense, Dell owners.) disk, then installing fresh (real one) Windows OS in.... There's no smell superfish and bloatware bullshit.  Use common sense.

[suicidalfranco]

i don't get why people get all pissed about this and lenovo but not at microsoft...

[EChondo]

Until more info is available this is my current stance on it.

 

 

 

I only really buy their monitors anyways.

Yeah I'm still going to buy their monitors, but a little sketch on their laptops/desktops now.

 

i don't get why people get all pissed about this and lenovo but not at microsoft...

Explain? Why should we be pissed at Microsoft? Cause I've been seeing MS hate 100% of the time for the past 5 months since W10 has been released.

[suicidalfranco]

Explain? Why should we be pissed at Microsoft? Cause I've been seeing MS hate 100% of the time for the past 5 months since W10 has been released.

 

cause it's an adware

[LAwLz]

cause it's an adware

It isn't.

 

Lenovo was adware (injected ads into websites you visited).

This Dell thing is a security issue that seems like a very big oversight (potentially allows Trojan horses to appear like genuine HP software for HP users).

Windows 10 is spyware (collects information about users without their full knowledge and consent).

[suicidalfranco]

It isn't.

 

Lenovo was adware (injected ads into websites you visited).

This Dell thing is a security issue that seems like a very big oversight (potentially allows Trojan horses to appear like genuine HP software for HP users).

Windows 10 is spyware (collects information about users without their full knowledge and consent).

okay, interpreted this case to be similar to lenovo's superfish

but Win10 does serve you ads based on that data collection too

[CoolaxGaming]

okay, interpreted this case to be similar to lenovo's superfish

but Win10 does serve you ads based on that data collection too

What ads?

[suicidalfranco]

What ads?

the ones you'll see on the start menu, at bing, at outlook, inside apps that use MS's universal ad client, etc etc