When will computer manufacturers learn? You might remember that Lenovo got in trouble several times this year, first for installing a program that spied on users' browsing, then for a rootkit that was meant to help customer service but could also help hackers.
Now it's Dell's turn in the hot seat. It turns out that Dell laptops and desktops have a root certificate that is installed together with its own private cryptographic key, which allows hackers to create fake browser security certificates. In non-technical language, a hacker can trick a Dell computer on a public network into thinking that fake websites are the real thing, especially encrypted ones like banking sites.
This problem started in August 2015 when Dell put the root certificate, called eDellRoot, on its computers to help out its customer service. Using this certificate, Dell technical support could quickly pull the system's service tag to see the computer's exact hardware and software specs.
Apparently, it didn't occur to anyone at Dell that hackers could use the certificate for other nefarious purposes. Fortunately, security researcher Joe Nord figured it out and brought it to everyone's attention.
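To check a Windows machine for the condition described above, the following added example (not code from Dell or from this article) lists trusted root certificates whose subject contains eDellRoot. It goes one step further and flags any trusted root whose private key is present on the machine. The function name `Get-RootCertFinding` is hypothetical, and the store paths are the standard Windows certificate provider locations.

```powershell
# Added example: audit the trusted-root stores for the certificate named in
# the article, and for any root whose private key sits on this machine.
$stores   = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$flagName = 'eDellRoot'   # certificate name as given in the article

function Get-RootCertFinding {   # hypothetical helper name
    param(
        [string[]]$StorePath,
        [string]$Name
    )
    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            $reasons = @()
            if ($cert.Subject -like "*$Name*") {
                $reasons += "subject matches $Name"
            }
            # A trusted root normally ships as a public certificate only.
            if ($cert.HasPrivateKey) {
                $reasons += 'private key present on this machine'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey
                    Reason        = $reasons -join '; '
                }
            }
        }
    }
}

$findings = @(Get-RootCertFinding -StorePath $stores -Name $flagName)
if ($findings.Count -eq 0) {
    Write-Output 'No flagged root certificates found.'
} else {
    $findings | Format-List
    exit 1   # non-zero exit so a fleet-management tool can alert on it
}
```

A root flagged only for having a private key is not necessarily hostile (local debugging proxies install such roots too), so review each finding before removing it.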