Dell has apologized for shipping a number of its laptops with an SSL certificate that could leave the private data of users open to hackers and said it will remove the vulnerability today.
A company spokesperson has told The Verge that it “deeply regrets that this has happened” and that it’s taking steps to address it.
"It was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model," says a Dell spokesperson. "This certificate is not being used to collect personal customer information."
The company has issued a document (.docx) instructing users on how to completely remove the certificate in question from affected systems, and added that it will issue a software update that automatically checks for the certificate and removes it.
The company has not confirmed how many machines are affected, but the Inspiron 5000, XPS 15, and XPS 13 are known to ship with the certificate preinstalled, The Verge says.
For those who don’t know what’s going on, Dell has been shipping laptops that were discovered to have a serious security problem. The issue was first noticed by programmer Joe Nord this Sunday.
The certificate, named “eDellRoot”, could allow hackers to get a forged version of the sign-in key, thus exposing the user to a variety of SSL-based attacks. Nord has compared the vulnerability to Lenovo’s recent “Superfish” problem.
“It has me thinking things similar to the Lenovo mistakes earlier this year with Superfish which I described at the time on Twitter as ‘Lenovo commits corporate suicide’,” he wrote.