Dell Reportedly Shipping Another Dangerous Root Certificate on Its PCs

Advertisement
By Manish Singh | Updated: 25 November 2015 17:27 IST

Another root certificate vulnerability has been found on at least some Dell's Windows-powered computers. Earlier this week, the US-based computer juggernaut was caught shipping some of its recent PCs with a self-signed eDellRoot digital certificate which put its customers' privacy and security at risk.

It turns out, eDellRoot wasn't the only self-signed digital certificate that could allow attackers to impersonate websites and steal a user's information. Another root certificate called DSDTestProvider has been found by researchers on some Dell systems that could potentially be abused by attackers to perform the same man-in-the-middle attacks the eDellRoot certificate allowed, allowing attackers to snoop on user data and spoof encrypted pages.

"Dell System Detect installs the DSDTestProvider certificate into the Trusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key," wrote researchers at Carnegie Mellon University.

Advertisement

"This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle (MiTM), and passive decryption attacks, resulting in the exposure of sensitive information."

Advertisement

Dell System Detect (DSD) is designed to interact with the Dell Support website. The researchers note that Dell systems that have been re-imaged, a popular process in which users remove all the applications that come pre-installed on the system and re-install them, are not affected. Some Dell systems don't come with the said certificate at all - those computers are not affected either. As of now, exactly which PCs ship with the DSDTestProvider certificate is not known.

The certificate is identical to the eDellRoot, which means that an attacker could generate certificates by the DSDTestProvider CA too, and impersonate websites and other services, emails, and decrypt network traffic among other things.

Advertisement

On Monday, Dell acknowledged that its eDellRoot certificate is riddled with an "unintended security vulnerability." The company also published an 11-page document with instructions on how to get rid of the said certificate. Dell is yet to acknowledge any vulnerability in the DSDTestProvider certificate.

 
Post your comments

Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.

Further reading: DSDTestProvider, Dell, Laptops, Security, Vulnerability, Windows, eDellRoot, malware
Facebook User Phuc Dat Bich Says Name Was a 'Prank'
Huawei Watch Update Brings New Watch Face and Improvements
Advertisement
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Flipkart Reveals Deals on Phones For its Upcoming Sale: See Offers
  2. OnePlus Mid-Size Performance Phone With 8,000mAh Battery Could Launch Soon
  3. Here Are the Top 10 Deals on Smartphones During the Upcoming Amazon Sale
  4. Here's How Much the Motorola Signature Could Cost in India
  5. Latest Meta Layoffs 2026: Nearly 1,500 Employees Cut from Reality Labs
  6. Amazon Great Republic Day Sale 2026: Here Are the Top Deals on Laptops
  7. Redmi Note 15 Pro 5G India Variant Spied on Geekbench, Could Launch Soon
  8. CERT-In Wants You to Update Your Android Phone After Google Fixes This Flaw
  9. Not China, But This New Country Will Make the New Google Pixel 11 Series
#Latest Stories
  1. Redmi Note 15 Pro 5G India Launch Seems Imminent After Smartphone Appears on Geekbench
  2. Battlefield 6 Season 2 Delayed to February as EA Extends Season 1
  3. CERT-In Urges Android Users to Update Smartphones After Google Patches Critical Dolby Vulnerability
  4. Apple Led Market as Global Smartphone Shipments Rose 2.3 Percent YoY in Q4 2025 Despite Growing Memory Shortage: IDC
  5. Red Magic 11 Air Design, Colour Options and Display Features Confirmed
  6. Motorola Signature Box Price in India, Launch Date Leaked Ahead of Arrival: Expected Specifications
  7. Dhandoraa Now Streaming on Prime Video: Know Everything About This Telugu Drama Film Online
  8. Oppo 6t Series, Oppo A6 4G, Oppo A6x 4G Specifications, Colourways Listed Online; Could Launch Soon
  9. Samsung Galaxy S26 Leak: Base Model Could Finally Get 45W Fast Charging Upgrade
  10. Haier H5E Series 4K Smart Google TVs With Bezel-Less Design Launched in India: Price, Features
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.