Dell Superfish Threat

December 7th, 2015

Last month, it was determined that Dell has been shipping computers with a preinstalled digital certificate that would allow hackers to easily impersonate secure websites (like your bank's website)...

At this time, at least four models of Dell laptops and desktops (Inspiron, XPS, and older Precision and Latitude models) were shipping with this digital certificate (issued by eDellRoot).

Basically, someone could extract the private key from this preinstalled certificate and use it to sign fake security certificates. Your computer would then think it's going to a secure banking website, while the browser could be redirected to an unsecured website.

This could also be used to target someone on public Wi-Fi networks.

What can you do?

For our managed clients, we'll automatically run a new removal tool issued by Dell. This tool will scan for the certificates and remove them if found. If an issue isn't found, you will receive this pop-up:

If you see this pop-up on your computer this week, please click "ok" (you'll know that the certificate is no longer on your PC).
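A read-only way to check the Windows certificate stores for this certificate yourself, as an added example that is not Dell's removal tool and not part of the original post. It assumes the certificate can be recognised by the name eDellRoot in its subject or issuer, and the list of stores to check is also an assumption.

```powershell
# Added example: read-only audit for the eDellRoot certificate named in this post.
# Assumption: the certificate is identified by "CN=eDellRoot" in Subject or Issuer.
# This script only reports; it does not delete anything.
$name = 'eDellRoot'

# Assumption: these are the stores worth checking (machine and user, root and personal).
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\My',
          'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\My'

$findings = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store |
        Where-Object {
            # Subject match finds the root itself; Issuer match also finds
            # any certificate that was signed by it.
            $_.Subject -like "*CN=$name*" -or $_.Issuer -like "*CN=$name*"
        } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                # A root that ships with its private key is the core problem here:
                # whoever has the key can sign certificates this PC will trust.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "$name found on $env:COMPUTERNAME. Run Dell's removal tool."
} else {
    Write-Output "No $name certificate found in the checked stores on $env:COMPUTERNAME."
}
```

The CurrentUser stores reflect only the account running the script, so run it once per user profile on shared machines.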

Read more: https://arstechnica.com/security/2015/11/dell-does-superfish-ships-pcs-with-self-signed-root-certificates/

Read more: https://www.zdnet.com/article/dell-in-hot-water-again-as-second-superfish-root-certificate-surfaces/

This threat is being called "Dell Superfish" because it's very similar to a certificate threat found last year called "Superfish."