Dell security woes continue with second flaw found

Serious questions are beginning to surround Dell in regards to their security, following the discovery of a second security flaw on its devices in just a matter of days.

The company has had to pull its Dell System Detect application, after it was discovered to contain a self signed root certificate authority.

Journalist Hanno Bock found DSDTestProvider, which allows hackers to intercept a users web traffic, and force a computer to think that an unsafe website was secure.

Dell said that the problem affects users who downloaded Dell System Detect product between 20 October and 24 November 2015.

Researchers at Caernegie Mellon University ,who were passed the information by Bock, said in their report: "An attacker can generate certificates signed by the DSDTestProvider CA. Systems that trusts the DSDTestProvider CA will trust any certificate issued by the CA."

The researchers warn that "Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software."

It comes just days after the preloaded eDellRoot had been discovered. Unlike eDellRoot though, this second issue is not pre-istalled on devices. The researchers urge affected users to revoke the DSDTestProvider certificate.

The Inspiron, Precision and XPS ranges are amongst those devices affected.

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up