Dell is under fire for the second time in less than a week, after users discovered another self-signed root certificate was being installed on their devices.
When users visit the Dell Support site and click “Detect Product,” they are prompted to download and install the DSDTestProvider certificate – worryingly similar to the eDellRoot controversy that erupted a few days ago.
Although neither root certificate is a direct security threat, both can be used by cyberattackers to create fake certificates for malicious websites or to sign malware so it looks like a piece of genuine software.
A Dell representative has stressed that the eDellRoot certificate is not malware or adware, but the hardware manufacturer has issued a removal tool. However, the company has yet to respond to the discovery of the second root certificate.
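A check an administrator could run to see whether either certificate named above is present in the Windows trusted-root stores. This is an added example, not Dell's removal tool or anything published by Dell; it goes slightly beyond the two names by also listing any trusted root whose private key is stored on the machine, on the assumption that a locally held signing key is the condition worth reviewing.

```powershell
# Added example: audit the trusted-root stores for the certificates named in the
# article. Only the two names come from the article; the store list and the
# private-key heuristic are assumptions of this sketch.
$NamesFromArticle = @('eDellRoot', 'DSDTestProvider')
$RootStores       = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

function Get-SuspectRootCertificate {
    param(
        [string[]]$Store = $RootStores,
        [string[]]$Name  = $NamesFromArticle
    )
    foreach ($path in $Store) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            # Match the name anywhere in the subject so extra DN fields do not hide it.
            $named = [bool]($Name | Where-Object { $cert.Subject -like "*$($_)*" })

            # A root that keeps its private key on the endpoint can be used to sign
            # certificates or code that this machine will trust, so list those too.
            if ($named -or $cert.HasPrivateKey) {
                [pscustomobject]@{
                    Store          = $path
                    Subject        = $cert.Subject
                    Thumbprint     = $cert.Thumbprint
                    NotAfter       = $cert.NotAfter
                    SelfSigned     = ($cert.Subject -eq $cert.Issuer)
                    NamedInArticle = $named
                    HasPrivateKey  = $cert.HasPrivateKey
                }
            }
        }
    }
}

$findings = @(Get-SuspectRootCertificate)
if ($findings.Count -eq 0) {
    Write-Output 'No matching root certificates found.'
} else {
    $findings | Sort-Object Store, Subject | Format-List
}
```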
The incidents mirror the Superfish scandal that rocked Lenovo back in February. Users were shocked to find that the Chinese brand had pre-installed the Superfish software on new laptops, leaving them open to a man-in-the-middle-style attack.
Unlike Lenovo, Dell has acted quickly to quell any security concerns, but this is not the first time that the computer technology firm has created vulnerabilities on its customers’ devices. Earlier this year, security researchers discovered that the Dell System Detect tool had a security flaw that would allow attackers to install malware remotely.
The real disappointment, from a consumer point of view, is that Dell, Lenovo, and perhaps other hardware manufacturers are not being as transparent as they could be regarding their products. Customers are often not aware of the software or certificates being installed on their devices, let alone whether they have any harmful security implications.