eDellRoot – Root Certificate Exploited by Hackers
Latest laptops released by Dell have been facing major security weakness similar to that of superfish owing to some problem of software which has left users susceptible to malicious hacking. The issue is with eDellRoot, a root certificate which is probably exploited by hackers in stealing the data of the users. The root certificate is said to be a minor file which is utilised in encrypting connection, which makes it secure.
When the users views a padlock sign in the browser bar while engaging in online banking or some of the social media sites, the certificate tends to thrust in, your browser has link to the web server and has verified that the service is legitimate, thus establishing a secured connection in which your data is encrypted.
This makes it difficult for the malicious hackers to gain access. The problem is due to the key which the certificate tends to use to encrypt the information that is stored locally in the computer. This brings about a possibility for the hacker who has one of the affected computers to reverse the engineered key and thus reveal its encryption system which is similar to that of Superfish.
Connect Browser & Server without Interruption – Legitimate/Secure Website
This can enable them to connect between browser and server without interruption and pose as a legitimate, secure website, probably permitting access to passwords and other credit card details. Kenn White, a security expert was capable of illustrating this problem by developing a website which established a connection to a website that appeared to be a secured link to the Bank of America page, though in fact it was a bogus site of his own creation which featured a criminal Doge in a ski mask.
He managed to portray how users affected by the security weakness could be tricked into accessing apparently secure sites which seems to be actually capable of pilfering data by interrupting the connection. Some of the browsers such as Chrome and Firefox tend to use their own certificates and warn users when they incline to connect with bad certificate and deny them access to it. However people who use less secure browsers do not seem to have the same protection.
Superfish – Issue
The problem is significant of the Lenovo `Superfish’ issue wherein a program which had been meant for helping in delivering advertising to webpages was actually used for the purpose of intercepting data. Lenovo had been strongly disapproved for making users susceptible at the time and Dell had received from the security community the same treatment. Dell, through their website had released a statement on the issue.
They stated, speaking with regards to the bad certificate that `the certificate had been implemented as a part of a support tool and had intentions of making it faster as well as easier for the customers to service their system’.
Moreover, they had also released instructions for technical process which enabled the affected users to eliminate eDellRoot from their computers independently. Besides this, Dell had also added that a software update would be pushed out to users which would check for the certificate and eliminate it, if it tends to be present. It is said that in the future, the certificate would also be removed from all Dell products as well as the systems.
