Yesterday the user "rotorcowboy" created a post on Reddit where he wrote that he found a trusted root certificate on his brand new Dell XPS 15 containing the private key for the certificate. That the private key is included is alarming as it gives malicious people the possibility to create fake certificates for known sites such as Google or your internet bank and that your computer will automatically trust these certificates. This means that even though the traffic is encrypted it can be read by a third party. As a demo, a fake certificate for Google was created: https://i.imgur.com/T9CnRy6.png

Dell have issued a statement explaining why the certificate is installed and instructions on how to remove it.

The original reddit thread also contains instructions on how to remove the certificate.

Not all Dell laptops seem to be vulnerable. Detectify.com have created a site where you can test if your computer is vulnerable. The site does not seem to work in Firefox so just use Chrome. https://dellrootcheck.detectify.com/

Comment