Check - Certificate security holes and various flaws found in Dell laptops

Earlier today, it was discovered that a second root certificate has been found in new Dell laptops just a few days after the first backdoor cert was revealed to the IT community.
The so-called 'DSD Test Provider' certificate was first discovered late last week. It is installed through Dell System Detect into the Trusted Root Certificate Store on new Windows laptops along with the private key.
Dell has been contacted for further comment, but we are still waiting for more information.
The Texas technical titan has called the first certificate issue an "unintended security vulnerability" in a few media statements.
Carnegie Mellon University CERT says it allows attackers to create trusted certificates and impersonate sites, launch man-in-the-middle attacks, and passive decryption.
"An attacker can generate certificates signed by the DSD Test Provider CA (Certificate Authority)," CERT's Brian Gardiner says.
Systems that trusts the DSDTestProvider CA will trust any certificate issued by the CA, and that's where all the problem is.
"An attacker can impersonate web sites and other services, sign software and email messages, and then decrypt network traffic and other data. Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software," he added.
Overall, users should move the DSDTestProvider certificate to the untrusted store using Windows certificate manager. They also need to kill Dell.Foundation.Agent.Plugins.eDell.dll to stop the persistence, otherwise the issue will reappear all the time.
The eDellRoot certificate was found this week in XPS, Precision, and Inspiron laptops.
"If I were a black hat hacker, I'd immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone's encrypted communications," Graham says.
Source: Dell Inc.

Post a Comment