Dell is not quite done addressing its security problems. Just when one huge security issue was being covered, a new one has emerged and it seems to have an equally destructive effect on the company’s fame and the security of Dell users. Dell’s proactive acceptance of the security breach and the quick steps it took to fix it are highly commendable. It may be one of the reasons of satisfaction among Dell’s users.
The first big security issue in Dell Systems was brought to light on November 23rd, 2015. Dell laptops were being shipped with an SSL certificate called eDELLRoot which could be misused by hackers to spy on web traffic. Dell informed that the certificate was meant to provide the system service tag to the online support team of Dell so that they can easily identify the model. The company ensured that the certificate was not designed to collect any personal information. Instructions to remove the certificate were quickly posted on Dell’s website and a software update was rolled to automatically remove it from the systems.
Just when Dell was done with its apologies and quick actions to take care of eDELLRoot, a new vulnerability surfaced among Dell users which posed an equally big security and bore stark similarities to the previous one. Like eDELLRoot, a security certificate called DSDTestProvider was meant to enhance the customer’s experience by making it easier for them to get support. It came pre-installed in some systems while other customers may have downloaded it with the application known as Dell Systems Detect. Dell removed the application from the website as soon as the security concern was brought to light. It has now been replaced with an application without the certificate.
Clear instructions on remedying the issues have been made available for the customers on Dell’s website. In addition to this a software update is also published to automatically check and remove the security threats. Dell security testing clearly needs some improvements to ensure mistakes don’t turn into a habit.