Further, Dell says it will publish a guide to remove the web security backdoor it installed in its Windows laptops and desktop PCs. According to Dell, only the new models from the XPS, Precision and Inspiron families have the the self signed root level rogue CA called eDellRoot installed on them. As of now Dell has not clarified what this eDellRoot certificate can do or why it shipped its PCs/Laptops with the rogue CA. According to experts the rouge CA is bundled with its private key which can be used by the malicious actors to launch man-in-the-middle attacks. Potential hackers can also use the certificate and the key to intercept and decrypt web traffic. Once done, the hacker could have access to the victim’s username, passwords (including banking/credit card details) and overall web history. As Joe Nord emphasised in his web post, the rogue CA has been installed by Dell engineers at root level and cannot be deleted using simple means. Another user on Reddit advised that to remove the rogue CA completely one has to delete the .DLL plugin shipped with it. Dell in a statement said that it will publish a step by step tutorial for Dell PC and Laptop owners to remove the rogue CA completely from their PCs. It also said that the future Dell PCs and Laptops will not shipped with eDellRoot. The statement released to media says, If you own a Dell PC or Laptop and are worried about having such a security hole on your PC, you need to wait for Dell to issue the removal tool. Advanced users may delete the .DLL –Dell.Foundation.Agent.Plugins.eDell.dll – as well as the eDellRoot certificate and safeguard their PCs/Laptops. You can use the Windows certificate manager to view/delete the rogue CA. Those users who dont know how to check root level certificates and whether their PCs/Laptops have eDellRoot installed in it, check here and find out.
