Computer maker Dell warned late Monday of a security hole affecting recently shipped computers that could leave users vulnerable to hackers.
The issue affects computers made by Dell that come with a particular preinstalled customer service program. Through a certificate that would identify the computer to Dell support staff, this program makes the computers vulnerable to intrusions and could allow hackers to access encrypted messages to and from the machines, Dell said. There is also a risk that attackers could attempt to reroute Internet traffic to sites that look genuine but are in fact dangerous imitations.
Dell said that customers should take steps to remove the certificate from their laptops, offering instructions on how to do that manually. Starting Tuesday, it also plans to push a software update to computers to check for the certificate and then remove it.
“Customer security and privacy is a top concern and priority,” the Round Rock, Texas-based company said in a statement. Dell did not respond to a request for more information.
Security researcher Brian Krebs said that the problem affects all new Dell desktops and laptops shipped since August. That would mean a vast number of computers are at risk. In the third quarter, Dell shipped more than 10 million PCs around the world, according to market researcher IDC.
The disclosure by Dell is another sign of the dangers that lurk as we check our bank accounts online, go shopping via Amazon and share personal information over Facebook. While big data breaches at retailers like Target and Home Depot affect thousands of people all at once, consumers can also be hit much closer to home through their own laptops and smartphones.
Even as they’ve become attuned to taking security precautions, though, consumers typically don’t have to worry about brand-new technology they’ve just brought home from the store. For sure, some programs that computer manufacturers install can prove irritating or cumbersome. The revelation that one might be genuinely dangerous has the potential to erode trust in the computer in one’s hands and in the company that supplied it.
This isn’t the first time this year that out-of-the-box PCs have contained vulnerabilities. Some Lenovo laptops were found to have a similar security flaw thanks to a preloaded program called Superfish. This software altered search results to show different ads, but it also tampered with the computer’s security. It was eventually fixed with a specially released tool.
Dell said that its certificate isn’t adware or malware, nor was it used to collect personal information.
The program in question is being removed from all new Dell computers, the company said, and once it is properly removed according to the recommended process, it will not reinstall itself.