Vulnerabilities discovered in various Dell computers

0
Michael Dell in 2010
Michael Dell in 2010

In recent days the controversies have become strong against Dell after it was discovered that some of its laptop models came with a root Certificate Authority (CA) called eDellRoot preinstalled that can be easily compromised. The company quickly took steps to make available a program to correct the vulnerability but news came of another probleme similar on Dell PCs.

For those who follow the security sector news, this problem immediately brings to mind the Superfish case of some Lenovo models. In very simple words, what is supposed to be a security certificate is not at all secure. It uses a cryptographic key that can be easily discovered and used by attackers to penetrate the Dell computer.

After the issue was made public, Dell reacted promptly admitting the vulnerability, apologizing and providing a series of instructions to allow the owners of Dell systems to figure out if it’s present in their computer and a program to correct it. The question, albeit obnoxious and certainly not positive for Michael Dell (photo ©mikeandryan) and his company, seemed to end there but new reports point out another vulnerability.

The new problem is linked to another certificate called DSDTestProvider and is similar to that of eDellRoot. Again Dell responded quickly explaining that it’s linked to the Dell System Detect software for the users who downloaded it between October 20 and November 24, 2015. The application is linked to Dell support and after the vulnerability was discovered it was corrected.

For both problems Dell published a page with explanations and instructions for their correction. The company’s quick response to solve problems with apologies is certainly positive but again after the Lenovo case really dangerous vulnerabilities were discovered on brand computers.

Users of desktop PCs can turn to shops that assemble them and may also sell them without an operating system installed if the user can install one on their own or with the bare minimum installed. Brand PCs typically have a lot of pre-installed software that isn’t always necessary and unfortunately sometimes one can cause serious problems such as these vulnerabilities. Will they ever learn to properly test them before installing them?

Leave a Reply

Your email address will not be published. Required fields are marked *