When purchasing a new laptop or desktop machine one would assume that it comes installed with all the latest technology to prevent hackers from accessing your personal data.

This week we discovered that that’s not necessarily true. In a statement released Nov. 23, Dell Computers revealed that a security vulnerability was inadvertently placed on Dell computers via a certificate (eDellRoot) installed by a Dell Foundation Services application. In plain English, the software allows your sensitive web traffic to be intercepted, and it can also misidentify unsafe sites to users as safe.

At BKS, this has the potential to affect about 90 percent of our clients. We are currently reviewing resolution and removal steps. In the meantime, we encourage all of our customers to be diligent when using public WIFI, as personal information will only be able to be accessed via a third party on the same network sniffing your traffic.

Certificates are used on computers and internet browsers to certify the identities of individuals, computers and other parts of a network. Dell quickly posted instructions on how to remove the eDellRoot certificate from computers. The company also pushed out a software update Nov. 24 that checks for the certificate and if detected will remove it from computers.

The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers,” the company said in its statement. “This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.”

If this security breach concerns you or you would like some more information about how to mitigate this on your network, contact us.