Latest in Bloatware

Image credit:

Dell is the latest PC maker with a gaping security flaw, but it will fix it

65 Shares
Share
Tweet
Share
Save

Sponsored Links

Lenovo and Samsung might not be the only big Windows PC makers pre-installing software that compromises your security. Computer buyers have discovered that Dell is shipping at least some PCs (such as the new XPS 15) with a self-signed security certificate that's the same on every system. If intruders get a raw copy of the certificate's private key, which isn't hard, they have an easy way to attack every PC shipping with this code. The kicker? This is much like Lenovo's Superfish exploit, only written by the hardware vendor itself -- Dell had plenty of time to learn from its rival's mistake.

What happens next isn't clear. We've reached out to Dell, and it tells us that its engineers are "investigating the current situation." You can read its full statement below. However, it's reasonable to suspect that Dell will either find a way to vary its certificates (so that a hacker can't attack everyone) or eliminate this certificate altogether. It certainly can't afford to maintain the status quo, since it could be exposing millions of people to data thieves.

"Customer security and privacy is a top concern for Dell. We have a strict policy of minimizing the number of pre-load applications and assessing all applications for their security and usability. Dell has an extensive end-user security practice that develops capabilities and best practices to best protect our customers. We have a team investigating the current situation and will update you as soon as we have more information."

Update: Dell now says that it's going to yank the certificate (which helps identify your PC to support techs) on all systems from here on out, and it's providing instructions to remove the code on your existing computer. The company adds that it doesn't scoop up personal information, although the concern is more that others could collect that data.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
65 Shares
Share
Tweet
Share
Save

Popular on Engadget

The best consoles, games and accessories for students

The best consoles, games and accessories for students

View
Recommended Reading: Taylor Swift and Spotify are... best friends?

Recommended Reading: Taylor Swift and Spotify are... best friends?

View
Hitting the Books: We can engineer the Earth to fight climate change

Hitting the Books: We can engineer the Earth to fight climate change

View
The Morning After: Hands on with Disney+ 4K and HDR streaming

The Morning After: Hands on with Disney+ 4K and HDR streaming

View
Ask Engadget: What are the best outdoor navigation apps?

Ask Engadget: What are the best outdoor navigation apps?

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr