Second Dell backdoor root cert found
Blackhats, head straight to the airport lounge.
A second root certificate has been found in new Dell laptops days after the first backdoor was revealed.
The DSDTestProvider certificate was first discovered by Laptopmag. It is installed through Dell System Detect into the Trusted Root Certificate Store on new Windows laptops along with the private key.
Dell has been contacted for comment. The Texas tech titan has called the first certificate gaffe an "unintended security vulnerability" in boilerplate media statements.
Carnegie Mellon University CERT says it allows attackers to create trusted certificates, impersonate sites, launch man-in-the-middle attacks, and carry out passive decryption.
"An attacker can generate certificates signed by the DSDTestProvider CA (Certificate Authority)," CERT bod Brian Gardiner says.
"Systems that trust the DSDTestProvider CA will trust any certificate issued by the CA.
"An attacker can impersonate web sites and other services, sign software and email messages, and decrypt network traffic and other data. Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software."
Punters should move the DSDTestProvider certificate to the untrusted store using Windows certificate manager. They also need to kill Dell.Foundation.Agent.Plugins.eDell.dll to stop persistence.
The eDellRoot certificate was found this week in XPS, Precision, and Inspiron laptops.
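One way to check a machine for the two certificates named here and mark them untrusted, as an added example that is not from Dell, CERT or the original article. It assumes the certificate subjects contain the names DSDTestProvider and eDellRoot, and the `-Distrust` switch is this script's own parameter.

```powershell
# Added example: audit the root stores for the two Dell certificates named in
# the article; with -Distrust, also place them in the Untrusted Certificates
# (Disallowed) store. Run from an elevated PowerShell prompt.
param([switch]$Distrust)

# Assumption: the certificate subject contains the name used in the article.
$names  = 'DSDTestProvider', 'eDellRoot'
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store | Where-Object {
        $subject = $_.Subject
        # Non-empty result (a matching name) makes the outer filter true.
        $names | Where-Object { $subject -like "*$_*" }
    } | ForEach-Object {
        [pscustomobject]@{
            Store         = $store
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            HasPrivateKey = $_.HasPrivateKey   # True means the key shipped with the cert
            Certificate   = $_
        }
    }
}

if (-not $found) {
    Write-Output 'No DSDTestProvider or eDellRoot certificate found in the root stores.'
    return
}
$found | Format-Table Store, Subject, Thumbprint, HasPrivateKey -AutoSize

if ($Distrust) {
    $disallowed = New-Object System.Security.Cryptography.X509Certificates.X509Store('Disallowed', 'LocalMachine')
    $disallowed.Open('ReadWrite')
    try {
        foreach ($item in $found) {
            # Rebuild from RawData so only the public certificate is stored.
            $public = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($item.Certificate.RawData)
            $disallowed.Add($public)
            Write-Output "Added $($item.Thumbprint) to LocalMachine\Disallowed"
        }
    } finally {
        $disallowed.Close()
    }
}
```

Run it without arguments first to see what is present. The script does not delete the root-store copy or touch the Dell plugin, so run the audit again after a reboot to confirm the result holds.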
Security bod Robert Graham says black hats should head straight to the international airport lounge and use the handy certificates and keys to plunder executives' laptops.
"If I were a black hat hacker, I'd immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone's encrypted communications," Graham says.
"I suggest international first class, because if they can afford US$10,000 for a ticket, they probably have something juicy on their computer worth hacking." ®