eDellRoot and Root Certificate Vulnerabilities

Nov 27, 2015 | 360TS

Dell has been in the spotlight since the company shipped computers whose pre-installed software included a vulnerable root certificate. This issue is very similar to the Superfish vulnerability, which affected pre-installed software on Lenovo computers and also involved a self-signed certificate. Both vulnerabilities allow a third party to intercept the user’s encrypted communications.

Certification Authorities (CAs) are responsible for verifying and signing organisations’ digital certificates. A CA-verified certificate is trusted because the company it was issued to is traceable. Digital certificates are used for different purposes, such as signing software to validate the legitimacy of its source, or establishing encrypted communications such as SSL connections to websites (as indicated by the lock symbol in the URL bar). A company with a verified certificate is deemed trustworthy because it can be traced if issues arise.

Dell computers were shipped with software using a self-signed certificate under the root name eDellRoot, meaning that no Certification Authority verified the authenticity of the certificate or the company. What made matters worse is that the private key for that certificate was shipped together with the certificate itself. In other words, with that private key, anyone is able to encrypt and decrypt communications protected by the eDellRoot certificate.

This vulnerability would allow man-in-the-middle (MITM) attacks, enabling an attacker to intercept encrypted communications in order to sniff sensitive data or manipulate the user’s traffic. An attacker in that position could therefore obtain information such as mail content and passwords, redirect the user to malicious sites, or deceive users into installing malware on the compromised computers.
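The following PowerShell audit is an added example, not code from the original article or from Dell. It lists trusted root certificates that match the problem described above, and it generalises beyond this one case by flagging any trusted root whose private key is present on the machine. It assumes the certificate can be recognised by the name eDellRoot in its subject.

```powershell
# Added example: audit the Windows trusted-root stores for the pattern
# described above (a trusted root shipped together with its private key).
# Assumption: the certificate carries the name "eDellRoot" in its subject.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $reasons = @()
        if ($_.Subject -match 'eDellRoot') {
            $reasons += 'subject names eDellRoot'
        }
        # A trusted root normally has only its public certificate on an
        # endpoint; the private key should stay with the issuer.
        if ($_.HasPrivateKey) {
            $reasons += 'private key present on this machine'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                SelfSigned = ($_.Subject -eq $_.Issuer)
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Reasons    = $reasons -join '; '
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
    Write-Warning "$(@($findings).Count) trusted root certificate(s) need review."
} else {
    Write-Output 'No trusted root matched the eDellRoot name or carried a private key.'
}
```

A hit on the private-key check alone is a prompt for review, since some local debugging proxies also install a root this way.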

360 Total Security scans more than just files and also checks installed certificates on your computer. Therefore, it will alert you if any of these risky certificates is installed. Perform a scan with 360 Total Security now and make sure you are not affected by this vulnerability.