Dell apologises for security flaw that leaves users vulnerable to hacking attacks

Computer giant Dell has apologised to customers for selling new computers with an insecure programme that could leave users susceptible to hacking attacks.

A pre-installed security certificate called 'eDellRoot' on some recently-made Dell laptops has been found to make users vulnerable to hackers and can only be removed manually.

The eDellRoot certificate could be exploited used to create a 'back door' in the machine that could allow hackers to read encrypted messages and redirect internet traffic to fake websites that trick the user into giving away personal information like bank details and passwords.

Dell has apologised following the discovery of the flaw and has released guidelines on how to remove the certificate manually - but the latest software update should also fix the problem, the company says.

In an official blogpost yesterday, a spokeswoman for the company said:

A software update, released today, will also automatically detect and remove the certificates from any affected machines, Dell says.

eDellRoot Certificate Removal Instructions

According to Dell, users can download a patch here that will automatically remove the certificate.

Customers who want to do the removal manually can follow these instructions from Dell:

  • Open Task Manager by right clicking on the taskbar and select 'Task Manager' from the menu.

Credit: Dell/Microsoft

  • Select the 'Services' tab in the Task Manager window.

Credit: Dell/Microsoft

  • Click on 'Open Services' at the bottom of the 'Services' tab.

Credit: Dell/Microsoft

  • Look for 'Dell Foundation Services' and select it.

  • Click 'Stop the service'.

  • The 'Services' window should look like the image below after the service has stopped.

Credit: Dell/Microsoft

  • Open 'File Explorer' and navigate to 'c:\Program Files\Dell\Dell FoundationServices' and delete the 'Dell.Foundation.Agent.Plugins.eDell.dll' file.

Credit: Dell/Microsoft

  • You may be prompted with a warning. Click 'Continue' to delete the file

  • Hit the Windows key on the keyboard and type 'certmgr.msc'.

  • You may be prompted to allow the program to make changes to the computer. Click 'Yes'.

Credit: Dell/Microsoft

  • When the certificate manager window opens, double click on 'Trusted Root Certification Authorities' on the left panel. Then double click the 'Certificates' folder.

Credit: Dell/Microsoft

  • Select the eDellRoot certificate from the right panel.

Credit: Dell/Microsoft

  • Delete the certificate by clicking the "X” icon in the toolbar.

WARNING! Make sure ONLY the 'eDellRoot' certificate is selected like the example below before clicking the delete button. Deleting any other certificate may cause your system to function improperly.

Credit: Dell/Microsoft

  • You will be asked to confirm deletion of the 'eDellRoot' certificate. Click 'Yes'.

  • After deletion, the 'eDellRoot' certificate should be removed from the certificate manager's window as shown in the image below.

Credit: Dell/Microsoft

  • Go back to the 'Services' window and select 'Dell Foundation Services' and click 'Start the service'.

Credit: Dell/Microsoft

  • Close all windows that were opened.

  • The eDellroot Certificate is now removed from the computer.