Dell addresses notebook security snafu, removing bad eDellroot certificate today

Mark Coppock

As we reported yesterday, Dell joined Lenovo in suffering from its own security snafu. In Dell’s case, they used a generic security key on some of their machines that could allow untrustworthy souls to create false web certificates for the unsuspecting. Today, Dell explains what happened in the hopes of regaining their customers’ trust.
According to Dell, the use of the certificate was to enable Dell technical support to grab the service tag as a convenience to their customers. Specifically, the certificate was installed by their Dell Foundation Services PC application, and what Dell installs, they can uninstall. And that’s precisely what they’re now proposing.
They’ve provided directions on removing the certificate, and will also be implementing a software update today that will search out the bad certificate and eradicate it. They’ll also ensure that no Dell machines have the certificate installed from this point forward.
Here’s Dell’s apology:

Your trust is important to us and we are actively working to address this issue. We thank customers such as Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, who brought this to our attention. If you ever find a potential security vulnerability in any Dell product or software, we encourage you to visit this site to contact us immediately.

So there you have it, Dell customers. Problem identified and fixed, although we do wish these companies would stop shooting themselves in the foot this way. Security is vitally important today, as is privacy, and while mistakes do happen, those are two areas where they should be minimized. In this case, Dell responded quickly, and so that’s a plus–although we do hope that going forward they’ll pay a little more attention to the kinds of certificates they’re installing.
We’ll keep you updated with issues like this, and don’t hesitate to let us know about them via our tip line.