Second Dell Root Certificate Problem Discovered; How To Check For And Remove
According to tests done by Computerworld, the DSDTestProvider digital certificate remains on a Dell system even after the Dell System Detect tool is uninstalled.
The earlier incident, confirmed over the weekend through an impromptu crowd-sourced discovery, involved a root certificate called eDellRoot that is installed by Dell Foundation Services.
The new issue is caused by Dell System Detect, a tool provided by Dell to help provide customer support, the company told Business Insider. “An attacker can impersonate web sites and other services, sign software and email messages, and decrypt network traffic and other data”, says a vulnerability report about the issue.
The newly uncovered flaw affects a security certificate called “DSDTestProvider”.
In a statement, Dell said that the second problem affected users who downloaded its Dell System Detect product between 20 October and 24 November 2015.
Dell computers are popular among enterprise users as well as consumers, making it fairly easy for hackers to select a location and have a good chance of finding high-value targets.
“I suggest ‘international first class’, because if they can afford $10,000 for a ticket, they probably have something juicy on their computer worth hacking”.
Dell said it is not using the certificate to collect personal customer information. The certificate is, however, installed by the Dell Foundation Services (DFS) application which, according to its release notes, ships on laptops, desktops, all-in-ones, two-in-ones and towers across Dell product lines including XPS, OptiPlex, Inspiron, Vostro and Precision Tower. The company has also pushed a software update that checks for the certificate and removes it if detected. The cybersecurity firm Malwarebytes discovered earlier this year that the same application was vulnerable to remote code execution, which would let attackers gain full control of affected machines.
Because the certificate survives the uninstall, users who want to remove it from their system must do so manually after uninstalling Dell System Detect (DSD).
“As for protection, all enterprises should block the Dell certificate authority both on the network and on their devices”. The primary risk is that it allows traffic to be intercepted, which could expose sensitive user information to attackers.
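One way to carry out the check and manual removal described above, as an added example that is not part of the article and not a Dell tool: a PowerShell script (run from an elevated prompt so the LocalMachine store is writable) that lists any eDellRoot or DSDTestProvider certificates in the trusted-root stores, reports whether the private key is present on the machine, and deletes them only when -Remove is passed. The subject-name patterns and the store list are assumptions; adjust them if your certificates differ.

```powershell
# Added example (not from the article or from Dell): audit the Windows
# trusted-root stores for the two certificates named in the article and,
# if -Remove is given, delete them along with any private key container.
# Assumption: the subject names contain "eDellRoot" / "DSDTestProvider".
param(
    [switch]$Remove
)

$Names  = @('eDellRoot', 'DSDTestProvider')
$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

# Build one regex that matches any of the names, escaped literally.
$Pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'

$found = foreach ($store in $Stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A trusted root whose private key is on the machine lets
                # anyone on the box mint certificates for arbitrary sites.
                HasPrivateKey = $_.HasPrivateKey
                Path          = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output 'No eDellRoot or DSDTestProvider certificates found.'
    return
}

$found | Format-Table Store, Subject, Thumbprint, HasPrivateKey -AutoSize

if ($Remove) {
    foreach ($cert in $found) {
        # -DeleteKey also removes the associated private key container.
        Remove-Item -Path $cert.Path -DeleteKey -ErrorAction Stop
        Write-Output "Removed $($cert.Subject) from $($cert.Store)"
    }
}
```

Running the script without -Remove is a read-only audit, which is the safer default for a fleet-wide sweep before deciding what to delete.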
This vulnerability is unrelated to this week’s controversy about the eDellRoot self-signed certificate, which the company has been installing on its machines, once again with the intention of streamlining support-related matters, but which nonetheless opens the door to man-in-the-middle (MITM) attacks.
Security experts have warned that attackers could easily clone these certificates by extracting the private key that ships alongside them, then use it to impersonate any HTTPS-protected website or to impersonate Dell, which would enable them to steal personal data, install data-stealing malware, or hijack the PC as part of a botnet.