Second root + private key combo discovered on Dell laptops, two days after the world had found out about eDellRoot

Nov 25, 2015 07:09 GMT

Over the weekend, a Reddit user noticed that Dell included a root certificate, along with a private key, in some of its laptops. Yesterday, things took a turn for the worse when the Laptop Mag staff discovered a second such certificate.

Dell tried to explain the presence of the initial certificate, identified as eDellRoot, as a mechanism added to improve customer support for users who asked for it.

"The certificate is not malware or adware," said Laura P. Thomas, Dell spokesperson. "Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers."

While Dell said it would stop shipping eDellRoot with new laptops, the company also provided an eDellRoot automated removal tool. There is also a site where users can go and check if they have the certificate on their systems.

Second root certificate is called DSDTestProvider

Regardless of their explanation for eDellRoot, the company will have a hard time justifying the second, called DSDTestProvider.

According to Laptop Mag, this second certificate is installed and used by Dell System Detect (DSD), an application downloaded from the Dell website, which provides "Detect Product" features, helping users identify their laptop make, model, and other technical details.

Like eDellRoot, DSDTestProvider sits in the Windows root store together with its private key. A root certificate is only safe to trust while its private key stays with the issuer; shipping the key on the machine means anyone can extract it and sign certificates that every affected machine will accept. That enables MitM (Man-in-the-Middle) attacks, since an attacker can present a forged certificate for any HTTPS site to a browser or application that uses the Windows store (Internet Explorer, Edge and Chrome do; Firefox keeps its own certificate store and is not affected by either root), and it lets malware be passed off as coming from a legitimate source.

Users should remove the root certificates right now

To avoid exposure to such attacks, users should remove both certificates. eDellRoot can be removed with Dell's automated tool, but that tool does not cover DSDTestProvider. If you don't want to wait for a second version of the tool, the steps below disable the root certificates manually. Two things to keep in mind: the certificates live in the machine-wide store, so deleting them requires administrator rights, and deleting a certificate does not remove the software that installed it, so check after the reboot that it has not been put back.

Step 1: Open the Start Menu, type "certmgr.msc" into the Run/Search box, and run it as an administrator

Step 2: Select "Trusted Root Certification Authorities"

Step 3: Select "Certificates"

Step 4: Identify "eDellRoot" and "DSDTestProvider"

Step 5: Right-click on the certificates, select Delete, and restart the computer. After the restart, repeat Steps 1 to 4 to confirm that neither certificate has been reinstalled.
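The same procedure as an added PowerShell example. This is not code from the article and not Dell's removal tool; it assumes an elevated PowerShell prompt (the LocalMachine store needs administrator rights) and goes beyond the two named certificates by also reporting any trusted root in either store that carries a private key, which is the condition that made eDellRoot and DSDTestProvider dangerous in the first place. The certificate names are the ones given in the article; the regular expression built from them is an assumption about how the subject field is laid out.

```powershell
<#
Added example, not part of the original article and not Dell's tool.
Audits the Windows root stores for trusted roots that carry a private
key, then removes the Dell certificates named in the article.
Run from an elevated PowerShell prompt; use -WhatIf to only report.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Subject common names to remove (from the article).
    [string[]]$BadRoots = @('eDellRoot', 'DSDTestProvider')
)

# Check both the machine-wide store and the current user's store.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# Assumed subject layout: "CN=<name>" possibly followed by further RDNs.
$escaped = $BadRoots | ForEach-Object { [regex]::Escape($_) }
$pattern = 'CN=(' + ($escaped -join '|') + ')(,|$)'

foreach ($store in $stores) {
    $roots = Get-ChildItem -Path $store

    # Check 1: a trusted root whose private key is present on an end-user
    # machine can be used to forge certificates for any site. Report all.
    foreach ($cert in ($roots | Where-Object { $_.HasPrivateKey })) {
        Write-Warning ("{0}: root '{1}' (thumbprint {2}) has a private key in the store" -f
            $store, $cert.Subject, $cert.Thumbprint)
    }

    # Check 2: remove the Dell roots by subject name, and delete the
    # associated private key when one is present.
    foreach ($cert in ($roots | Where-Object { $_.Subject -match $pattern })) {
        $target = "$store\$($cert.Thumbprint)"
        if ($PSCmdlet.ShouldProcess($target, "Remove root certificate $($cert.Subject)")) {
            $removeArgs = @{ Path = $cert.PSPath }
            if ($cert.HasPrivateKey) { $removeArgs['DeleteKey'] = $true }
            Remove-Item @removeArgs
            Write-Host "Removed $($cert.Subject) from $store"
        }
    }
}

Write-Host 'Reboot, then run this script again: the software that installed the certificates may reinstall them.'
```

Running the script with `-WhatIf` first lists what would be removed without touching the store. The warning pass is the general check worth keeping around after this incident: on a normal end-user machine no entry under Trusted Root Certification Authorities should have a private key at all.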