Dell officials have apologized for shipping PCs with a self-signed root certificate, installed in the trusted root store together with its private key, that made it easy for attackers to cryptographically impersonate HTTPS-protected websites, and they have issued a software tool that removes the transport layer security credential from affected machines.
As some people suspected, the self-signed credential that came preinstalled as a root certificate on computers throughout Dell's product line was associated with Dell Foundation Services, Dell officials wrote in a blog post published late Monday night. The certificate, issued by an entity calling itself eDellRoot, was part of a support tool intended to make it easier for customers to maintain their systems, the post explained. Attempting to draw a distinction between the Foundation Services app and the SuperFish man-in-the-middle adware that injected ads into the HTTPS-protected Web content displayed on Lenovo computers, Dell officials wrote:
The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.
The post went on to thank customers Hanno Böck, Joe Nord, and Kevin Hicks for bringing the threat to Dell's attention.
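For readers who want to check a machine themselves before (or after) running Dell's removal tool, the following PowerShell snippet is an added example, not Dell's tool and not code from the blog post. It inspects the Windows trusted root stores for any certificate whose subject or issuer names eDellRoot and reports whether the matching private key is present on the machine, which is the condition that lets anyone holding that key mint browser-trusted certificates for arbitrary sites. The function name, the store paths inspected and the output fields are choices made for this example.

```powershell
# Added example: look for an eDellRoot certificate in the Windows root stores and
# report whether its private key is present. Run from an elevated PowerShell prompt.
# This is a detection check only; it does not remove anything.

function Find-EDellRoot {
    [CmdletBinding()]
    param(
        # Stores to inspect; a preinstalled root certificate normally lands in
        # LocalMachine\Root, but the per-user store is checked as well.
        [string[]] $StorePaths = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    foreach ($path in $StorePaths) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match 'eDellRoot' -or $_.Issuer -match 'eDellRoot' } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Issuer        = $_.Issuer
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    # True when the private key for this trusted root is stored on this
                    # machine: with it, any certificate chained to eDellRoot that an
                    # attacker signs will be accepted by software trusting this store.
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$findings = @(Find-EDellRoot)

if ($findings.Count -eq 0) {
    Write-Output 'No eDellRoot certificate found in the inspected root stores.'
} else {
    $findings | Format-List
    foreach ($f in $findings) {
        if ($f.HasPrivateKey) {
            Write-Warning ("{0}: eDellRoot is trusted AND its private key is present; " +
                           "remove it with Dell's recommended process.") -f $f.Store
        } else {
            Write-Warning ("{0}: eDellRoot is trusted (no private key found in this store); " +
                           "it should still be removed.") -f $f.Store
        }
    }
}
```

Two caveats apply. First, this only covers the Windows certificate stores; browsers that maintain their own trust store (Firefox, for example) need to be checked separately. Second, as the Dell post itself notes, the certificate should be removed with Dell's recommended process rather than by deleting it from the store by hand, since the blog post only guarantees that it will not reinstall itself after that process has been followed.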