Second Dell backdoor root cert found

A second root certificate has been found in new Dell laptops days after the first backdoor was revealed. The DSDTestProvider certificate was first discovered by Laptopmag. It is installed through Dell System Detect into the Trusted Root Certificate Store on new Windows laptops along with the private key. Dell has been …

  1. John Tserkezis

    Just when you thought things couldn't get worse, they do.

    After that, they get worse again.

    Sooner or later, they're going to have to abort this project called Dell, and start again. Perhaps have it run by monkeys or something, couldn't do any worse.

    1. Anonymous Coward
      WTF?

      Couldn't make it up. I'm starting to wonder if someone at Dell (the company) Security (sic) is seriously pissed off with Dell (the geezer). Perhaps he ran over their cat or something?

  2. Anonymous Coward
    Facepalm

    PC does what????????!!!!

    1. s5PGmU
      Joke

      PC does what no PC has done before: vulnerable before you take it out of the box!

  3. Anonymous Coward
    Alien

    Ruond Rock, Taxes. 11-42-5102

    It was another accident. Honest. It's just another of those "internal" cert faking kits you've been reading about surprisingly frequently lately. For "testing" only, honest. It must have accidentally fallen into your box at the depot. We have now implemented industry leading robust state of the art safeguards to guarantee we'll never be caught doing exactly this ever again, again, and eNthusiastically eNcourage you to continue eNjoying your eDell eXperience.

    We take your security and privacy. Seriously.

    Thankyou.

    --Dell PR

    1. Anonymous Coward

      Re: Ruond Rock, Taxes. 11-42-5102

      "We take your security and privacy. Seriously."

      Have an upvote just for this sneaky little period there.

  4. Steven Raith

    Next time I have a hardware procurement choice....

    .....that's Lenovo *and* Dell off the list then.

    Suddenly building your own servers is starting to look like a good idea again, if you appreciate actual security and must use Windows.

    Steven R

    1. Voland's right hand Silver badge

      Re: Next time I have a hardware procurement choice....

      I do not quite see your point. The problem is not Dell (or Lenovo) hardware. It is the complete and utter incompetence in bundled software. That is common across the board in most hardware manufacturers. They "Do Not Get It". It does not matter what you do in software - you may walk on water, feed the hungry, etc, a geezer in the hardware department which has managed to reduce the number of capacitors on the board by one will get a bigger bonus and more kudos than you.

      So rather unsurprisingly, they suck bricks in software (something which makes me wonder about the wonderful EMC deal as storage == 90% + software).

      The solution to this is not to blacklist their hardware. It is to wipe their software and install from retail media. C'est la vie - it is something you have to budget for when buying a PC if you want it to work well.

      1. This post has been deleted by its author

      2. Anonymous Coward

        @VRH Re: Next time I have a hardware procurement choice....

        Can sort of see your point regarding Dell. Lenovo however was caught embedding its malware in the "secure (sic joke) boot" firmware, which was therefore an altogether more insidious and pernicious attack, effectively perpetrated in hardware. It remains to be seen whether there'll turn out to be a (hard/firm)ware element in Dell's attempted machinations but the intent is clearly there. So I'm with SR on this. Lenovo & Dell have both proven themselves unfit for purpose.

      3. Ken Moorhouse Silver badge

        Re: The problem is not Dell (or Lenovo) hardware

        The problem is the "Dell Product". Subtle difference. The only* way to buy "Dell Hardware" is to buy "Dell Product".

        Presumably when a "Dell Product" has been signed off the production line for QA purposes it is the overall product that has been signed off, not just the hardware. It is conceivable that the product may fail if it is stripped of its software, then re-initialised and alternative software rolled out upon it.

        If this were to happen and you ring Tech Support to say "my system is not working" the techies will say "OK, let's install the factory supplied software. Right, now does that work?" "Yes then I'm sorry sir/madam, but this is a software problem." If a Dell engineer (sub-contracted to Unisys in my experience) were to come down to fix your hardware at your premises then they would do exactly the same thing.

        *Except if Dell ships non-selling product through a "remainder-broker" where you could potentially buy "Dell Hardware" without the froth. But if something ships through that channel, would you be interested in buying it anyway?

        1. Steven Raith

          Re: The problem is not Dell (or Lenovo) hardware

          "If this were to happen and you ring Tech Support to say "my system is not working" the techies will say "OK, let's install the factory supplied software. Right, now does that work?" "Yes then I'm sorry sir/madam, but this is a software problem." If a Dell engineer (sub-contracted to Unisys in my experience) were to come down to fix your hardware at your premises then they would do exactly the same thing."

          This. Exactly this.

          Steven R

      4. Mark 85 Silver badge

        Re: Next time I have a hardware procurement choice....

        Actually, if they give that much of a crap about their software, can the hardware be right behind them? Pinching pennies on parts is one thing but this software problem indicates that the company has some serious issues that they need to address and their public response has been less than upfront.

        I would knock them off the supplier list if I had that power where I work. We IT bods have enough on our plates without having to play games with suppliers.

    2. Robert Helpmann?? Silver badge
      Childcatcher

      Re: Next time I have a hardware procurement choice....

      Suddenly building your own servers is starting to look like a good idea again, if you appreciate actual security and must use Windows.

      Or at least creating custom images from scratch and then standardizing on those rather than the canned OS that the manufacturer provides. Unless the manufacturer includes this sort of malware in their equipment's drivers... You are right, cross them off the list.

      1. John Brown (no body) Silver badge

        Re: Next time I have a hardware procurement choice....

        "the canned OS that the manufacturer provides"

        the canned OS that the manufacturer provides sells you.

        FTFY

        Why do corporate purchases include a pre-installed Windows OS + licence when the first thing they do is re-image them? Does the volume licence they pay mega££££ for require an OEM licence be attached to the PC or something?

    3. Anonymous Coward

      Re: Next time I have a hardware procurement choice....

      Well it's any vendor selling you a Windows box really. Lenovo used a sanctioned MS method to root Windows (even clean installs).

      When you elect to run an OS like Windows from a vendor like MS; you only have yourself to blame.

  5. Anonymous Coward

    Target demographic?

    "If I were a black hat hacker, I'd immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone's encrypted communications," Graham says.

    "I suggest international first class, because if they can afford US$10,000 for a ticket, they probably have something juicy on their computer worth hacking."

    Good luck with that! Personally I'd be more inclined to lurk at the smeggiest end of coach. This *is* Dell shit we're talking about.

  6. Arctic fox
    WTF?

    I am beginning to wonder whether being brain dead is regarded as a qualification.......

    ..........for senior managers. Didn't anyone at Lenovo (about a year ago) or Dell now (twice) not think about the damage to their own interests that this kind of shit does?

    1. Anonymous Coward

      Re: I am beginning to wonder whether being brain dead is regarded as a qualification.......

      Senior managers don't tell devs to do brain-dead things like bundling private keys with root certificates. Maybe they're responsible for trimming software engineering budgets to the point where they can only afford to employ monkeys, but it's the monkeys committing these particular cock-ups.

  7. Anonymous Coward

    Glenys!

    I think my laptop is ROOTED again!

    Call IT, get a monkey up from the basement.

  8. Dan 55 Silver badge
    Trollface

    If they can afford US$10,000 for a ticket...

    ... they can afford an Apple.

    1. Velv
      Trollface

      Re: If they can afford US$10,000 for a ticket...

      Out of the frying pan...

      ... into the fire!

      Troll cooking time :)

  9. Nigel 11

    They also need to kill Dell.

    That's what you said. A bit impractical, though quite justifiable in the circumstances....

    OK, I managed to parse it correctly the second time around. "They also need to kill Dell.Foundation.Agent.Plugins.eDell.dll to stop persistence."

  10. Anonymous Coward

    Executive in an airport lounge?

    Probably checking escort sites to book one at destination for the evening. You could p0wn them directly from there.

  11. Danny 2 Silver badge

    Bitter old man

    Dell was the first place I encountered ageism. "The average age here is 27, do you really think you could fit in?" I was only 32! "Er, I find a wider range of ages makes for a more efficient environment." Thievin' eejits never even paid my promised travel expenses, and Limerick is not exactly a tourist destination unless you're a midge.

    I told this to every subsequent, and invariably older, boss since then and they all dropped Dell.

    1. Destroy All Monsters Silver badge
      Windows

      Re: Bitter old man

      The average age here is 27

      No wonder one gets rolling waves of greenhorn shit pissing off customers then.

      People at 23 just can't do it. Even if they think they can.

    2. Vic

      Re: Bitter old man

      I thought you were in prison?

      Vic.

      1. Danny 2 Silver badge

        Re: Bitter old man

        I was in a police cell, promised prison. I am told prison now awaits in February. I did emerge with irrelevant anecdotes, but I won't inflict them here unless you ask me to. Like any vampire, I never cross a threshold without invite in.

        1. Anonymous Coward
          Gimp

          Re: Bitter old man

          "I did emerge with irrelevant anecdotes..."

          Ooohhh.... YES PLEASE!!!

          Here?

          (consider that an invite) >:)

          Also... WTF did you do to earn your just(?) desserts?

          February ----------->

    3. terry doyle

      Re: Bitter old man

      I have a friend that flew in to Dublin for an interview with Dell (they promised to reimburse his flights) ... they later said they wouldn't cos they only reimburse if you get the job!

      Shameful carry on

  12. Fitz_
    1. This post has been deleted by its author

  13. Bronek Kozicki Silver badge

    I watched youtube video in HD

    ... and it is not like the private key was something encrypted inside an executable or hidden elsewhere. It is in plain sight, scroll to 1:00 - 1:03, you will see at the bottom of the root certificate "You have a private key that corresponds to this certificate". Wow, my very own CA root!

    There is one thing missing - it could be that the certificate is different on each Dell computer, since we have only seen video on one machine. Well, yeah, I am not counting on this. This was obviously made by clueless morons, under charitable assumption that malice is not involved.
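
A defender-side check for the condition discussed above (a trusted root certificate stored together with its private key), as an added example that is not part of the thread or of any Dell tooling. It assumes the two standard root store paths; the only certificate name it searches for is `DSDTestProvider`, taken from the article summary, and the function name is hypothetical.

```powershell
# Added example: audit the Windows trusted-root stores for certificates that
# carry a private key. Root CA certificates on an end-user machine normally
# have none, so any hit deserves a look.
# Assumption: DSDTestProvider (named in the article) is the only watched name.
$watchNames = @('DSDTestProvider')
$stores     = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

function Get-RootCertFinding {   # hypothetical helper name
    param([string[]]$StorePath, [string[]]$Name)
    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            # Flag by name even if the private key has already been removed.
            $named = $false
            foreach ($n in $Name) {
                if ($cert.Subject -like "*$n*") { $named = $true }
            }
            if ($cert.HasPrivateKey -or $named) {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey
                    NameMatch     = $named
                }
            }
        }
    }
}

$findings = @(Get-RootCertFinding -StorePath $stores -Name $watchNames)
if ($findings.Count -eq 0) {
    Write-Output 'No trusted root certificate has a private key or a watched name.'
} else {
    # The CurrentUser view also lists machine-wide roots, so de-duplicate.
    $findings | Sort-Object Thumbprint -Unique | Format-Table -AutoSize -Wrap
}
```

Running this on more than one machine and comparing the `Thumbprint` column answers the open question in the comment: an identical thumbprint means the same certificate is installed on each machine.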

  14. Anonymous Coward

    Only a fool would leave the bloatware in anyway... Me, personally, when I get a new laptop or brand PC, I *always* re-format and re-install from scratch.

    Take off and nuke the entire software from orbit...

    ...that's the only way to be sure.

    1. Vic

      Take off and nuke the entire software from orbit ... that's the only way to be sure.

      It's no longer sure. WPBT persists across a drive wipe. It's a permanent rootkit.

      Vic.

      1. Neil Barnes Silver badge
        Linux

        Bet it's not that persistent across a different OS.

    2. Tom 7 Silver badge

      Re: Take off and nuke the entire software from orbit...

      They put in UEFI just in case you tried that!

  15. Sixtysix
    Go

    OEM Builds...

    Sometimes (goes in phases) I get asked why we go to the bother of creating our own Gold Image, and rebuilding every machine that we use when they are delivered with the latest and greatest O/S, trial software and up-to-date drivers for the modern wiz-bang add-on toys that everyone wants to play with...

    Then this sort of thing happens, and I get to point and laugh. Thanks boys, for helping justify good security practice!

    Too easy...


Biting the hand that feeds IT © 1998–2020