Dell shipped its computers (confirmed) with a major security flaw: the company inadvertently shipped PCs and laptops with both a trusted root certificate and its private key, when only the trusted certificate should have been included.
“The idea behind the mishap was to help identify Dell computers when they were connected to Dell's online support service. In this case, the computer's model number could be checked, and the support system would have then provided tailored advice and run automated fixes.
In addition to creating tailored support, however, the inadvertent exploit has now made it possible for hackers to eavesdrop on all SSL connections made to secure websites (including online banking, for example).” – infopackets
True, the hackers would have to be online at the same time, but if you’re at a public Wi-Fi spot, that would be relatively easy.
So, Dell has published a “how to” for removing the rogue certificate on its website.
Dell hasn’t confirmed the models affected yet. No doubt doing their homework…one report has listed: “Inspiron 3647, Inspiron 5000, Inspiron 5547, Latitude E7450, Precision M4800 and XPS 15.”
I’d be very cautious about using any brand new Dell just now. Dell should be publishing the list of models soon. Use another computer/device to access that list, though.
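One way to check a Windows machine for the condition described above, a trusted root certificate whose private key is also installed, is the following added PowerShell example (it is not Dell's removal procedure and not part of the original post). It assumes the standard Windows certificate stores and flags every such root, so it may also list roots installed on purpose by local debugging proxies.

```powershell
# Added example: audit the trusted-root stores for certificates whose
# private key is present on this machine. A root CA's private key should
# live with the CA, not on every PC that trusts it.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.HasPrivateKey } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                # Root certificates are normally self-signed (Subject equals Issuer).
                SelfSigned = ($_.Subject -eq $_.Issuer)
            }
        }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    Write-Warning "$(@($findings).Count) trusted root certificate(s) have a private key on this machine."
} else {
    Write-Output 'No trusted root certificate on this machine has its private key installed.'
}
```

Any certificate it reports should be matched against software you knowingly installed before you decide whether to remove it.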
Also, have a “Happy Thanksgiving”, folks.
Source:
https://www.infopackets.com/news/9727/dell-ships-pcs-massive-security-risk