Dell is currently in the hot seat as users accuse it of putting a Superfish-like digital certificate on a few of its laptops. The firm, however, denies the allegations and says that it is already looking into the problem.
Kevin Hicks, using the handle Rotorcowboy, took to Reddit and Twitter to report that he spotted a dangerous SSL certificate on his new Dell XPS 15 laptop.
"I got a shiny new XPS 15 laptop from Dell, and while attempting to troubleshoot a problem, I discovered that it came preloaded with a self-signed root CA by the name of eDellRoot," says Hicks.
After discussing the issue with somebody else who also spotted the SSL certificate, he says Dell is shipping the laptops with this root certificate and its private key, which resembles the Superfish adware that caused trouble for Lenovo back in February.
— Kevin Hicks (@rotorcowboy) November 22, 2015
Programmer Joe Nord initially discovered the certificate named eDellRoot. Nord says that the permissions Dell set allow any SSL certificate to be trusted, which is a serious security problem.
In the meantime, Dell has finally talked about the issue, saying that its customers and privacy are its top priorities and that it is already looking into the matter.
"Customer security and privacy is a top concern for Dell," says Dell in a statement sent to The Inquirer. "We have a strict policy of minimizing the number of preload applications and assessing all applications for their security and usability."
It adds that it has a comprehensive security practice that develops best practices and capabilities to safeguard its consumers.
The company also reiterates that its team is currently investigating the matter and that it will soon provide more updates once it has sufficient information.
We earlier reported that the laptops affected by this security flaw include the XPS 15, Inspiron 5000 and XPS 13. It may also be present in Dell's other laptops.
Update: Dell has issued an apology for the security flaw. It also tells users how to remove the certificate from affected laptops.