Dell laptops ship with a Superfish-like security hole

Dell has acknowledged that there is a security breach in two of its laptop ranges that are currently being shipped. The security hole can only be removed by the end customer and if not, will make it very easy for hackers to steal personal user information off the devices. 

Worryingly, hackers could access encrypted messages, online banking information, redirect browser traffic as well as set up new functionalities designed to spam and scam consumers once they access it. Dell said in a statement to Reuters: “The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience,” Dell said in a statement to Reuters. “Unfortunately, the certificate introduced an unintended security vulnerability.”

Dell have not said how many laptops are currently affected or indeed which models they are but have said that future models will not have the same vulnerability which is very similar to what Lenovo faced, earlier this year with the Superfish breach on their laptops. However, these models have been reported to have the vulnerability reported on them: Precision M4800, XPS 15, Latitude E7450, Inspirion 5548, Inspirion 5000 and Inspiron 3647.

Dell have said that the breach has been present on laptops since August and they will be emailing customers details on how to remove this loophole from their laptops as well as publishing how-tos on its support website. 

Your web browsing history will soon be recorded by the Government

This malware can change your Android phone's PIN!

The potentially hugely embarassing and expensive slip-up by Dell was first pointed out on Reddit where a user showed how the eDellRoot, trusted pre-installed root certificate captured all the data on the laptops that were generated from HTTPS-encrypted traffic. 

 

Leave a Comment