Larry Walsh Talks About the Customer Security Fallout From eDellRoot

According to Lawrence M. Walsh, CEO and chief analyst of The 2112 Group, eDellRoot was installed by Dell on its PCs from August onwards in an effort to provide better security between support technicians and users. Such certificates are not uncommon, but the two keys on which they rely for access should be kept separate, with only the public key being just that, public. The private key should be kept safe by the issuing authority, in this case, Dell.

However, Dell somehow managed to include both a private and public key on the PCs, meaning that the security certificate could be accessed and exploited.

“Dell’s distributing PCs with private keys of the embedded digital certificate is a serious risk opening up several vulnerabilities that could make exploiting this vulnerability relatively easy for hackers,” Walsh told Channelnomics.

“Users of Dell PCs with eDellRoot are vulnerable to eavesdropping and malware attacks. Solution providers should check sales records and work with affected users to remove eDellRoot and correct the problem before hackers start exploiting the vulnerability.”

> Read the full article at