Second Dell backdoor root certificate found
2015-11-25 15:59 by Daniela
Several days after a security hole in recently shipped Dell computers was revealed, a second root certificate has been found in the manufacturer's new laptops.
The certificate, called DSDTestProvider, is installed by an application called Dell System Detect (DSD), which users are prompted to download and install when they visit the Dell support website. Users who downloaded the Dell System Detect product between 20 October and 24 November 2015 may be affected.
According to Carnegie Mellon University CERT, the vulnerability allows hackers to create trusted certificates, impersonate sites and launch man-in-the-middle attacks.
"An attacker can generate certificates signed by the DSDTestProvider CA (Certificate Authority)," CERT bod Brian Gardiner says. "Systems that trust the DSDTestProvider CA will trust any certificate issued by the CA. An attacker can impersonate web sites and other services, sign software and email messages, and decrypt network traffic and other data. Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software."
The first certificate found to be vulnerable this week is called eDellRoot. It was installed by Dell Foundation Services to act as a support tool. However, it also allowed an attacker to extract the private key that signed the certificate. With such a key, a hacker could serve up fake versions of HTTPS sites, such as banking websites.
Dell has released a removal tool and instructions for the eDellRoot certificate, and it is expected to do the same for DSDTestProvider.
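To check whether a machine currently holds either certificate, the following added example (not code from Dell or CERT) lists matching entries across the Windows certificate stores and reports whether each one sits in a trusted root store and has its private key on the machine. Matching by subject or issuer name is an assumption, since the article gives no thumbprints; the function name Find-NamedCertificate is hypothetical.

```powershell
# Added example: audit Windows certificate stores for the two Dell root
# certificates named in the article. Matching is by name only (assumption);
# the article does not list thumbprints.
$Names = @('eDellRoot', 'DSDTestProvider')

function Find-NamedCertificate {
    param(
        [string[]]$Name,
        [string]$StoreRoot = 'Cert:\'   # walks CurrentUser and LocalMachine
    )
    $pattern = ($Name | ForEach-Object { [regex]::Escape($_) }) -join '|'

    Get-ChildItem -Path $StoreRoot -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # Skip store containers; keep only certificate objects.
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            ($_.Subject -match $pattern -or $_.Issuer -match $pattern)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = ($_.PSParentPath -replace '^.*::', '')
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # Anything in a Root store is trusted as a CA by the system.
                TrustedRoot   = ($_.PSParentPath -match '\\Root$')
                # A CA private key stored on the endpoint is the condition
                # the article describes for eDellRoot.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

$hits = @(Find-NamedCertificate -Name $Names)
if ($hits.Count -eq 0) {
    Write-Output 'No certificate matching eDellRoot or DSDTestProvider was found.'
} else {
    $hits | Sort-Object Store | Format-Table -AutoSize -Wrap
    $roots = @($hits | Where-Object { $_.TrustedRoot })
    Write-Warning ("{0} matching certificate(s) found, {1} in a trusted root store." -f
        $hits.Count, $roots.Count)
}
```

Entries whose Issuer matches but whose Subject does not are certificates issued under one of these CAs rather than the CA itself, and are worth reviewing as well.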