Dell does a Lenovo: ships laptops with rogue root CA

Some Dell laptops ship with a self-signed root certificate, eDellRoot, together with its private key, which attackers can exploit. The issue, first reported on Reddit, resembles the Lenovo incident earlier this year, when the company shipped some of its laptops with a pre-installed third-party root certificate that could be exploited in a similar fashion.

The self-signed root certificate and private key appear to be identical on all affected Dell machines.

The preinstalled root certificate is accepted by browsers that use the system’s certificate store, for instance Chrome and Internet Explorer on Windows. Mozilla Firefox, on the other hand, is not affected, as it uses its own certificate store.

The issue is severe, as it enables attackers to sign fake certificates for use on websites, and users would not notice this unless they pay attention to the certificate chain.

edell rogue certificate

screenshot by rotorcowboy

The certificate is installed on laptops by default by Dell Foundation Services, software which, according to the description on Dell’s website, “provides foundational services facilitating customer serviceability, messaging and support functions”.

The private key is not exportable by default, but there are tools that can export it. In the meantime, the key has been posted on Reddit.

It is unclear why Dell added the certificate in this way to some of its machines. It seems unlikely that spying is the reason for this, considering that the company would not include the private key if this were the case.

It is surprising, however, that another manufacturer of Windows PCs and devices would make the same mistake that Lenovo did earlier this year, considering that the company should have paid close attention to the fallout afterwards.

Test your laptop

bad edell test

Hanno Böck created a web test to find out if the bad eDell certificate is installed on the system. Simply connect to the test website and you will be told whether your system is vulnerable or not.

Remove the certificate

If the root certificate is installed on your laptop, you may want to remove it immediately to block any attacks from being carried out successfully against your system.

Windows users need to do the following to remove the certificate:

  1. Tap on the Windows-key.
  2. Type certmgr.msc and hit enter.
  3. Accept the UAC prompt if it is shown.
  4. Switch to Trusted Root Certification Authorities > Certificates.
  5. Locate the eDellRoot certificate in the list.
  6. Right-click the certificate and select Delete.
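
The same check can be scripted in PowerShell when more than one machine has to be audited. This is an added example, not part of the original article; matching on the subject name eDellRoot and the list of stores searched are assumptions, since the article publishes no thumbprint.

```powershell
# Added example: report (and optionally remove) certificates named eDellRoot.
# Assumption: the certificate is identified by its subject CN, the only
# identifier the article gives. Run without -Remove to audit only.
param(
    [string]$Name = 'eDellRoot',
    [switch]$Remove
)

# Assumption: search trusted-root and personal stores in both scopes.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\My',   'Cert:\CurrentUser\My'

# Match the CN exactly so similarly named certificates are not reported.
$pattern = 'CN=' + [regex]::Escape($Name) + '(,|$)'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                HasPrivateKey = $_.HasPrivateKey   # key material present locally
                PSPath        = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output "No certificate named '$Name' found in the searched stores."
    return
}

$found | Format-Table Store, Subject, Thumbprint, SelfSigned, HasPrivateKey -AutoSize | Out-Host

if ($Remove) {
    foreach ($c in $found) {
        # Deleting from the LocalMachine stores requires an elevated session.
        Remove-Item -Path $c.PSPath
        Write-Output "Removed $($c.Thumbprint) from $($c.Store)"
    }
}
```

Because the article attributes the installation to Dell Foundation Services, run the script again after a reboot to confirm the certificate has not returned.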



Martin Brinkmann

