TechWalls

Dell PCs disregard basic cryptographic security

Updated on Nov 27, 2015 by Guest Authors

A new critical security vulnerability has been discovered in Dell laptops, and attackers are only a few clicks away from taking advantage of the flaw for their own gain.

The security flaw comes hot on the heels of a recently detected weak digital certificate in a Dell laptop, and it seems the problem is growing into a larger attack surface for hackers. According to Duo Security, the company that discovered the vulnerability, the problem originated from PCs shipped by Dell that contain a self-signed root digital certificate.

The digital certificate, called eDellRoot, works to secure data flow with encryption. By some unknown error, however, Dell also installed the private encryption key along with the root certificate, making it easy for any tech-savvy person to create fake digital certificates.

As a result, attackers can also develop malicious websites and make them look legitimate using their own digital certificates. But this critical security flaw has further implications. For instance, there is a strong possibility that attackers can also launch a man-in-the-middle attack in order to snoop on data being transmitted between a server and a user.

Dell says it plans to release a guide to help users who have purchased a Dell PC remove the private encryption key certificate from the system. The problem affects, for the most part, the Dell Inspiron 14 laptop, according to the security researchers who investigated the issue.
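A defender-side check for the condition described above, given here as an added example (not code from the article, Dell, or Duo Security): it audits the Windows trusted-root stores for certificates whose name contains eDellRoot or that have a private key stored alongside them. The function name Get-RootCertFinding is hypothetical, and matching on the name is an assumption because the article gives no fingerprint.

```powershell
# Added example: read-only audit of the trusted-root stores.
# A root CA certificate on an end-user PC should never have its private key
# present; that is the flaw the article describes for eDellRoot.

function Get-RootCertFinding {
    param(
        # Stores holding trusted root CAs for the machine and the current user.
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'),
        # Name taken from the article; no thumbprint is given there.
        [string]$NamePattern = 'eDellRoot'
    )

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }

        foreach ($cert in Get-ChildItem -Path $path) {
            $reasons = @()
            if (($cert.Subject -match $NamePattern) -or ($cert.Issuer -match $NamePattern)) {
                $reasons += "name matches '$NamePattern'"
            }
            if ($cert.HasPrivateKey) {
                $reasons += 'private key present next to a trusted root'
            }
            if ($reasons.Count -eq 0) { continue }

            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                HasPrivateKey = $cert.HasPrivateKey
                NotAfter      = $cert.NotAfter
                Reason        = ($reasons -join '; ')
            }
        }
    }
}

$findings = @(Get-RootCertFinding)
if ($findings.Count -eq 0) {
    'No trusted root certificate matched the name or carried a private key.'
} else {
    $findings | Format-List
}
```

The script only reports; any certificate it lists should be reviewed against the vendor's removal guidance before being deleted.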

To check whether the certificate had been used to create spoof websites, the researchers made a thorough scan of the Web with the help of Censys, which provided the tool for checking Internet systems that may have used the eDellRoot for traffic encryption.

For now, at the very least, the scan did not turn up websites that use the eDellRoot certificate being investigated. But there were a couple of Internet Protocol addresses that were found to use a self-signed root certificate with an eDellRoot digital fingerprint, though it is quite different from the certificate in question.

So it appears that not only the Inspiron 14 laptop is affected by the problem, but Dell could also have shipped other models that contain similar cryptographic keys. A basic cryptographic practice is that no two cryptographic keys should be identical. And Dell failed in a major way to take that into consideration and uphold security for its vast customer base.
