Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections

Hanno's Blog

Monday, November 23. 2015


Comments

It's not just laptops, it's their desktops too.

There's a Dell XPS 8700 desktop here that I have confirmed has the bad certificate. There's a second one that we've set up for our office network but haven't yet pressed into service, and I'm thinking there's a good chance it has the certificate too.

I've deleted it from the machine I checked. I'll have to locate the other one.

http://forums.theregister.co.uk/forum/containing/2705367 suggests that it re-incarnates after deletion too. I'll be keeping a close eye on that machine though to see if the certificate comes back.
#1 Stuart Longland (Homepage) on 2015-11-23 21:24 (Reply)
You get rid of the certificate by performing the following actions:

1) Stop and disable the Dell Foundations Service
2) Delete the eDellRoot CA registry key here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\98A04E4163357790C4A79E6D713FF0AF51FE6927

Then reboot and test.
#2 qasimchadhar (Homepage) on 2015-11-23 22:16 (Reply)
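A defender-side audit and cleanup for the two steps in the comment above, written here as an added PowerShell example; it is not code from the blog, its commenters or Dell. The thumbprint and registry path are the ones quoted in the comment. It assumes the service can be located by the display name "Dell Foundations Service" (the page does not give the underlying service name) and that it is run from an elevated PowerShell session; without -Remove it only reports.

```powershell
# Added example (not from the blog or its commenters): audit a Windows machine for the
# eDellRoot certificate named in the comment above and, with -Remove, apply its two steps.
# Assumptions: the service is matched by display name (service name not stated on the
# page); the script runs in an elevated session. Run it again after the reboot to confirm.
[CmdletBinding()]
param(
    [switch]$Remove
)

# Thumbprint of the eDellRoot certificate as given in the comment above.
$Thumbprint = '98A04E4163357790C4A79E6D713FF0AF51FE6927'
# Registry key backing the LocalMachine ROOT store entry, as given in the comment above.
$RegKey = "HKLM:\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\$Thumbprint"
# Assumption: this is the service's display name, not its short service name.
$ServiceDisplayName = 'Dell Foundations Service'

function Get-EDellRootCert {
    # Walk every store under Cert:\ (CurrentUser and LocalMachine), not only LocalMachine\Root,
    # so a copy installed elsewhere is reported too.
    Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Thumbprint -eq $Thumbprint }
}

$found = @(Get-EDellRootCert)
if ($found.Count -eq 0) {
    Write-Host "eDellRoot ($Thumbprint) is not present in any certificate store."
} else {
    foreach ($cert in $found) {
        # A trusted root whose private key sits on the box is the real risk: anyone holding
        # that key can issue certificates this machine will accept without warning.
        Write-Warning ("eDellRoot found in {0}; HasPrivateKey={1}; NotAfter={2}" -f
            $cert.PSParentPath, $cert.HasPrivateKey, $cert.NotAfter)
    }
}

$svc = Get-Service | Where-Object { $_.DisplayName -eq $ServiceDisplayName }
if ($svc) {
    Write-Warning ("{0} is present (Status={1}, StartType={2})" -f
        $svc.DisplayName, $svc.Status, $svc.StartType)
}

if ($Remove) {
    if ($svc) {
        # Step 1 from the comment: stop and disable the service so it cannot re-install the cert.
        Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
        Set-Service -Name $svc.Name -StartupType Disabled
    }
    # Step 2 from the comment: remove the certificate object(s) and the registry key behind
    # the ROOT store entry.
    foreach ($cert in $found) {
        Remove-Item -Path $cert.PSPath -Force
    }
    if (Test-Path -Path $RegKey) {
        Remove-Item -Path $RegKey -Recurse -Force
    }
    Write-Host 'Removal done. Reboot, then run this script again to confirm the certificate did not return.'
}
```

Run it once without arguments to see whether the certificate and service are present, once with -Remove from an elevated prompt, and a third time after the reboot; a clean third run is the check the commenters above were doing by hand.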
Just tried your instructions, sort of (I did the deletion first through certmgr.msc).

Stopped and disabled the "Dell Foundations Service" then did a reboot. So far, so good. We'll be keeping an eye on the affected machine.

We have two machines both bought the same day, one has the certificate, the other does not. The one without was kept in a box the past month.

Not sure if the bad certificate has always been on the affected box or if it was since downloaded.

Apparently the certificate is being revoked automatically for some: http://forums.theregister.co.uk/forum/containing/2705481
#2.1 Stuart Longland (Homepage) on 2015-11-24 00:04 (Reply)
Hi, I'm Laura and I work for Dell.
Customer security and privacy is a top concern and priority for Dell, so I apologize that your attempts to contact us went unanswered.
The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience. Unfortunately, the certificate introduced an unintended security vulnerability. To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support. We are also removing the certificate from all Dell systems moving forward. Note, commercial customers who image their own systems will not be affected by this issue. Dell does not pre-install any adware or malware. The certificate will not reinstall itself once it is properly removed using the recommended Dell process.
#3 Laura P Thomas (Homepage) on 2015-11-24 04:10 (Reply)
Just wanted to follow up with a link to additional information and removal instructions now available here: http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate
#3.1 Laura P Thomas (Homepage) on 2015-11-24 16:17 (Reply)
Help: I recently purchased a Dell laptop and need assistance relating to this. I'm not very computer literate. Could someone contact me and assist me?
Tom Moreland
#3.1.1 Tom Moreland on 2015-11-24 22:49 (Reply)
Hi Tom,
Me neither!
Here, this should help you. There is an automatic tool you can download from Dell's site. http://www.dell.com/support/article/uk/en/ukdhs1/SLN300321/en?c=uk&s=gen&cs=&l=en
All the best,
Sarah
#3.1.1.1 Sarah on 2015-11-28 14:52 (Reply)
About

This blog is written by Hanno Böck. Unless noted otherwise, its content is licensed as CC0.