Superfish 2.0 – Dell Laptops Preinstalled with Similar Malware and Security Flaw

Superfish 2.0 on Dell

Earlier this year, several cases came to light where brand new Lenovo laptops came preinstalled with a strain of adware that was being used by hackers to steal sensitive data. This adware was known as ‘Superfish’ and it affected thousands of PC users around the world. The Superfish adware effectively exposed these new Lenovo laptops to man-in-the-middle (MITM) attacks and seriously weakened their users’ online security and privacy.

Over the last few days, it has been discovered that Lenovo is not the only PC manufacturer that has to deal with such issues. Dell, the world’s 3rd largest PC manufacturer behind Lenovo, is now facing flak because similar malware has been discovered on some new Dell machines as well. This security flaw was discovered a few days ago and it has been termed eDellRoot.

What is eDellRoot and what does it do?

The issue garnered attention because eDellRoot is a rogue SSL certificate that came preinstalled on several brand new Dell desktops and laptops. This rogue certificate allows attackers to stage highly efficient and foolproof MITM attacks. So when a user is browsing the web or carrying out online banking transactions, eDellRoot enables an attacker to impersonate the seemingly secure HTTPS page at any stage. This can lead to dangerous phishing attacks and the loss of highly confidential information.

Another highlight of eDellRoot is that it can reinstall itself even when it is spotted and deleted from a machine. While eDellRoot is not malicious in nature itself, it can easily be extracted and used by an attacker for nefarious purposes. Ultimately, this can lead to a loss of login IDs, passwords, browsing information, cookies and other crucial information.

How to check if your Dell machine has eDellRoot

If you have recently purchased a Dell machine, then you need to carry out the following steps to see if eDellRoot is present:

  • Open the Start menu and type certmgr.msc into the search box
  • Click on Trusted Root Certification Authorities in the left panel
  • Click on Certificates in the right panel and see if you can find eDellRoot
  • If you see eDellRoot there, right-click on it and delete it

However, it has been reported that even after doing this, the eDellRoot certificate reappears when the machine is rebooted. It has also been reported that Mozilla Firefox informs users about the untrustworthy nature of this certificate. So users of new Dells are advised to use Mozilla Firefox as their web browser.

Several sources have claimed that in order to delete the eDellRoot certificate completely from a system, it is necessary to remove the Dell.Foundation.Agent.Plugins.eDell.dll module from the system. We are gathering more information about these steps and whether they work, and will share an update on them soon. So stay tuned for more instructions on how to remove eDellRoot from your Dell system. You can also read more about this security vulnerability here.
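The manual check above, as an added PowerShell example that is not part of the original article or Dell's own tooling: it searches every certificate store for a certificate whose subject contains eDellRoot and looks for the Dell.Foundation.Agent.Plugins.eDell.dll module mentioned above. The -Remove switch and the Program Files search locations are assumptions of this example.

```powershell
# Added example (not Dell's or the article's code): audit for eDellRoot.
# Deleting from machine-wide stores requires an elevated PowerShell prompt.
param(
    [switch]$Remove   # assumed switch name: also delete any certificate found
)

$certName   = 'eDellRoot'
$moduleName = 'Dell.Foundation.Agent.Plugins.eDell.dll'   # module named in the article

# 1. Search every store, not only Trusted Root Certification Authorities.
$certs = @(Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Subject -like "*$certName*"
    })

foreach ($cert in $certs) {
    [pscustomobject]@{
        Store         = $cert.PSParentPath -replace '^.*::', ''
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey   # True: a private key is stored with it
        NotAfter      = $cert.NotAfter
    }
    if ($Remove) {
        Remove-Item -LiteralPath $cert.PSPath
    }
}

# 2. Look for the module that several sources say must also be removed.
#    Assumption: it lives somewhere under the Program Files directories.
$searchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$modules = @(Get-ChildItem -Path $searchRoots -Filter $moduleName -Recurse -File -ErrorAction SilentlyContinue)
$modules | Select-Object FullName, LastWriteTime

# 3. Summarise, including the reappear-after-reboot case described above.
if ($certs.Count -eq 0 -and $modules.Count -eq 0) {
    'No eDellRoot certificate or eDell plugin module found.'
} elseif ($modules.Count -gt 0) {
    'eDell plugin module present: a deleted certificate may return after reboot.'
} else {
    'eDellRoot certificate found, but no eDell plugin module in the searched paths.'
}
```

Running it again after a reboot shows whether a deleted certificate has come back.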

The trend of preinstalling new laptops with unsafe security certificates seems certain to continue and highlights growing negligence by OEMs to ensure that their machines are completely secure. Whether OEMs actually take these incidents in their stride and consciously alter their certificate strategies in the future remains to be seen.

Source:
The Hacker News

Rahul Thadani

22 Comments
amlan
5 years ago

Thanks for such an enlightening article.

varun valand
5 years ago

Dear, thank you so much. This information helps customers in buying new laptops.

Satendar Kumar
5 years ago

What about HP Laptops?

s.k.upadyaya
5 years ago

Quick Heal is a good antivirus. I install Quick Heal on all computers in the department.

Sohin
5 years ago

Thank you for this post. I recently bought Dell Inspiron 15 5558 Core i5 5th generation. Thankfully it doesn’t have the superfish 2.0 malware as mentioned in this article.

RASID MALIK
5 years ago

thank you very much

hashmi latif
5 years ago

Quick Heal is a good antivirus. I install Quick Heal on all computers in the department. lokseva

Zameer Fouzan
5 years ago

Good article explaining the flaw. Had bought a new Dell 5548 a few months back, upgraded it to Win10. Just to make sure, I checked for eDellRoot, found it and deleted it. Thanks a lot.

S Deodhar
5 years ago

Thanks a lot for very useful info

Mahesh Jadhav
5 years ago

What about Acer laptops? I have an Acer laptop (Aspire 5750G).

Uday
5 years ago

I remember getting a notification about Superfish on my Lenovo laptop from the Quick Heal Total Security system. It was gone for some days and then it was back for some time. Now I don't get that notification. Does it mean that Superfish has been deleted? Does Superfish possess the same property as eDellRoot?

amit sengar
5 years ago

thanks…

kunal singh bamil
5 years ago

not about acer laptop. why?

Aftab Arife
5 years ago

Thanks to Quick Heal Antivirus

Aftab Arife
5 years ago

BEST QUALITY ANTIVIRUS Q

Er: Jaya Chandra Rautaray
5 years ago

Quick Heal upgradation takes a very long time; it should be fast and quick.

Sanjiv Doshi
5 years ago

My new Lenovo laptop is infected with Superfish. I would be grateful if you could suggest how to remove the malware.

Rajiv Singha
5 years ago
Reply to Sanjiv Doshi

Hi Sanjiv,

Kindly click on the link below. This will take you to the official page of Lenovo where they have listed out the instructions on how to remove the Superfish Adware.

https://support.lenovo.com/in/hi/product_security/superfish_uninstall

Regards,
