Computer hardware manufacturer Dell has admitted that some of its most recently distributed laptops were shipped containing a vulnerability that could leave the private data of users open to hackers.
The vulnerability follows a similar incident involving Lenovo, which earlier this year admitted its PCs came with pre-installed security vulnerabilities.
Dell’s security loophole relates to the eDellRoot certificate, which is installed onto all newly manufactured Dell PCs. The certificate was installed with the intention of making it faster and simpler for customers to service their systems.
However, the certificate had the unintended consequence of making users more vulnerable to cyber intrusions by allowing cyber criminals and hackers to read their private encrypted messages and redirect browser traffic, potentially for the purposes of phishing and data theft.
Dell hasn’t revealed how many of its products have been affected by the vulnerability, or which specific models of laptop or PC it could be installed on. However, it’s known that the software responsible for the vulnerability was first installed on Dell units in August.
In response to the vulnerability being discovered, Dell has said it is “actively working to address this issue” and has offered advice to customers concerned over the eDellRoot certificate vulnerability.
“Customer security and privacy is a top concern and priority for Dell,” the company said in a statement issued to Computing.
“The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience. Unfortunately, the certificate introduced an unintended security vulnerability,” it said.
Dell added that it’s providing customers with instructions to permanently remove the certificate from their systems via direct email, their support site and Technical Support.
“We are also removing the certificate from all Dell systems moving forward,” the statement continued, adding “Dell does not pre-install any adware or malware”.
“The certificate will not reinstall itself once it is properly removed using the recommended Dell process,” it concluded.