Dell says it deeply regrets security issue found in its laptops, offers way to remove root certificate

XPS 15

PC maker Dell now says it deeply regrets what it calls an unintentional security issue in some of its laptops, including the Dell XPS 15. The problem was discovered earlier this week when users found a root certificate, eDellRoot, that hackers could use to enter any PC with that program if they found its private key.

In a statement posted late on Monday, Dell said:

"Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it."

"The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It's also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process."

Dell has posted a manual procedure on how to remove the root certificate from its PCs at its website. It will also push out a software update today that will automatically detect and remove the program. It pledges to remove the certificate from all future Dell systems.

  • Urgh, not another one.
  • They can't be trusted. Probably should do a clean install or just buy a surface book.
  • This was a good and thorough response, unlike Lenovo's
  • I agree. Even today I still find Lenovo's apps being far too deeply integrated into Windows for my liking. For example installing the system interface driver creates 7-10 processes running in the background all the time.
  • Exactly why I'm glad Microsoft is making computers now. Too much crapware from pc manufacturers. Sometimes I wonder why they bother making so much junky software.
  • Well don't be so glad because even though Microsoft is making computers they are afraid of promoting their own hardware over their partners' hardware for the fear of losing them. Microsoft has even said they don't intend to compete with their partners, which is why you sometimes see them advertising for partners' hardware more than their own. Now all these blunders from PC manufacturers will eventually make people go instead for Apple products because even though Microsoft makes arguably better hardware than Apple not everyone is going to buy them as their products are not available worldwide and there is not enough marketing of them so not many are aware of them, not to mention Microsoft intentionally charges high price for them just to keep it higher than their partners' prices, to show them they are not competing with them.
  • LOL, you live in an alternate reality.  People are not as stupid as you think.  They can tell the difference between a high quality, well designed, well supported Microsoft product than cheap crap at best buy.
  • Exactly. After the other cases like this, Dell knows not to mess around... apologize, remove, and hope everyone moves on.
  • As long as they fix it in a timely fashion then that's all you can honestly expect. It's not that this kind of stuff will never happen, it's that it's fixed quickly. Hopefully this will become more the standard and signature PCs sell well further pushing OEMs to this model.
  • Yes, we know; "Dell; we deeply regret", cough, cough, "Dell; Damn, we thought it was hidden where NO one could find it".
  • Agreed. Within 24 hours they dealt with it. Frankly, it seems like someone fluffed up trying to get their support app working. Nonsense. I really hope this isn't the beginning of a trend as I buy a lot of Dell products. Disappointing.
  • Sounds more like Volkswagen than thorough response.
  • Volkswagen and now Dell, this never ends!
  • You forgot Lenovo ;)
  • And Samsung!
  • One thwarted government agencies, the other helped them.
  • Dell deeply regrets getting caught.
  • "unintentional"
  • "deeply regrets"
  • "No ragrets"
  • Will it cover Alienware systems?
  • Dell will push out an update that modifies your system... another good reason to FDISK any system received from a manufacturer and start from scratch.
  • How will it help here?
  • Said goodbye to Lenovo.
    Bye Dell.
  • Are you trolling? Why? Because you can't spend 2 minutes to fix the issue? Also Dell is providing an automated fix. This was discovered yesterday, so Dell provided a really fast response IMO.
  • They probably have the fix ready for a while now. Just waited for someone to discover it.
  • tin-foil hat?
  • I start to think that all of these OEMs have a backdoor somehow, it's a matter of time before someone stumbles upon it.
  • everyone is needlessly freaking out over this ... this is really a non story ... this script was there to provide better customer service not to spy or give you ads ... it has been discovered to be a security risk so Dell gave us a way to remove it.  Dell computers are not the real security risk we need to worry about ... it's people running XP and hacked pirated versions of windows that we should be concerned about.
  • How is it a non story? If this story wasn't published, it wouldn't be known about by a massive amount of users, who wouldn't know they should remove it. Any security risk is a story, no matter how small in comparison to others.
  • Do not always trust in what PR spokespersons say ...
  • @enternalozzie - Are you serious. This is HUGE!!! With this certificate having the PRIVATE key included with it the back door it creates is enormous. Also it is not only new machines. Anybody who updated the foundation services recently is also at risk. I found it on my Dell Venue Pro 8 after I updated the foundation services last week.
  • Precisely. Apparently this junk cert was found on mission critical systems - a dam amongst other things. Dell had to handle this and fast. Good that they did.
  • The "REGRET" that they got caught. 
  • I love the picture!
  • I'm guessing if you bought a signature series of any brand this shouldn't be an issue?
  • Wrong. Dell foundation services are used by support as well as to enable updates etc.. I have 2 signature machines that are both impacted. My XPS13 and my DV8P tablet which was bought in 2013.
  • We should keep the following: "We deeply regret and we are working on it". The thing is if the users didn't find the malware, it would be like VW with the "eco-friendly car"
  • Perhaps I'm a bit naive but this seems to be a genuine apology. They've owned up to their mistake without making any excuses. They've shown remorse for their actions and are taking steps to remedy the issue. (immediately)
  • Exactly. Don't see a problem here. This is nothing like Lenovo or VW.
  • Oh I'm sure it's genuine. Seems like they made a genuine fluff up and I'm really glad they dealt with it. Fast. The old (non private) Dell would have done a Lenovo. Still, not cool it happened.
  • that's 3/7 major oem vendors?  dell, lenovo, samsung ... now just need asus, hp, toshiba, acer?  more reasons to get the surface line from MS and for MS to close the doors on these so-called 'platinum' partners.
  • Please go away you anti-microsoft troll. I doubt Microsoft would close the door to Dell, Lenovo and Samsung for these issues.  After all, Microsoft is not like Apple and cannot afford the cost of closing its ecosystem and becoming a hardware OEM like Apple with a closed garden.  This issue will be fixed and Dell, Lenovo and Samsung will keep doing business with Microsoft for the next years.
  • Another backdoor baked in for NSA blows in their faces.
  • Does that mean I'll stop using Delk?
  • Translation, " we got caught ".... Please keep buying from us...
  • Well at least they addressed it, within 24 hours, apologised and issued a fix. I hope Lenovo begin to act like that. Either way, this is why I always buy an additional ssd and os.
  • Wow that was fast, Lenovo took about 1 month to make the update. I'm downloading the Word document now to see if my Inspiron 5548 (Early 2015 model with Broadwell) is impacted.
  • I'll be checking my 5749 when it comes back from repair. The motherboard failed after giving me occasional problems :(
  • At least it's a legit certificate to make support easier, unlike Lenovo... -____-
    hate Dell's hardware, but at least the software they throw on your computer has a helpful purpose for the user - because let's face it, most people wouldn't find the Service Tag number labeled Service Tag on the bottom of a device - they would call Dell and fork over money for support there (another reason I dislike Dell). They didn't apologize for putting it on there, they apologized for the security flaw in it - malware has a negative connotation to it, and at least in THAT sense, this isn't malware, or at least that kind of malware. I don't think they should apologize for putting it on a device if all it does is make support easier by providing a service tag.
  • Damage control. Why even do it then? O yea forgot..PROFIT.
  • So they got caught and are acting like it was some mis-understanding? Nice try but no.
  • Of course they regret, WHEN they were caught :|
  • Apparently a lot of people don't know that you should perform a full reset, or clean installation of Windows once your pre-installed copy is activated. That way lots of people would have an even better experience with their Windows devices.
  • 12 pages to remove it??????? 12 pages really????????