Dell computers appear to contain certificates that are more dangerous than just the eDellRoot root certificate, about which warnings have been issued since yesterday because it allows users to be attacked. This was reported by the security firm Duo Security on the basis of its own research.
Since August, Dell has shipped computers with the same root certificate, called eDellRoot, installed, including the associated private key. According to researchers at Duo Security, that is a pretty big mistake. Using the certificate, man-in-the-middle attacks can be carried out against users, making it possible, for example, to install malware or to eavesdrop on encrypted connections. In addition, there appears to be a second eDellRoot certificate. This second certificate was found on 24 IP addresses. Exactly which models are affected is unknown.
"It suggests that Dell is deliberately using identical keys in other models. This is a blatant disregard for basic cryptographic security," said the researchers. One of the systems that was accessible via the internet and used the certificate to offer web services over HTTPS was a SCADA system. Such systems are used in, among other things, vital infrastructure.
Finally, an Atheros Authenticode certificate, used for signing software, was also detected. The password of the certificate was cracked within six hours. However, the certificate was found to have already expired, which limits the possibility for abuse. It does, however, seem that the certificate was in use at the time it was still valid.
Manufacturers Do Not Learn
According to the researchers, the discovery reveals a disturbing trend among manufacturers. Adding trusted certificates to a system, and especially root certificates, can expose users to unnecessary risks. "Unfortunately, it appears that manufacturers do not learn from past mistakes and keep repeating them," the research (pdf) concludes. Dell has now indicated that the eDellRoot certificate will be removed via an update.
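A defender's check for the issue described above, added here as an example and not taken from the article or from Duo Security's report: it enumerates the Windows trusted root stores for a certificate whose subject matches eDellRoot and reports whether the private key is also present on the machine. The function name and output fields are my own; only the subject name eDellRoot comes from the article.

```powershell
# Added example (not from the article or from Duo Security): list trusted root
# certificates whose subject matches a pattern and report whether the endpoint
# also holds the private key, which is what made eDellRoot abusable.
function Find-SuspectRootCert {
    param(
        # Subject substring to look for; 'eDellRoot' is the name from the article.
        [string]$SubjectPattern = 'eDellRoot'
    )
    # Check both the machine-wide and the per-user trusted root stores.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like "*$SubjectPattern*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # A trusted root whose private key lives on the endpoint lets
                    # anyone who extracts it mint certificates this machine trusts.
                    HasPrivateKey = $_.HasPrivateKey
                    # A root is self-signed: issuer equals subject.
                    IsSelfSigned  = ($_.Subject -eq $_.Issuer)
                }
            }
    }
}

# Report findings. A non-zero exit code signals a hit so the check can run
# from a management agent or scheduled task across a fleet.
$hits = @(Find-SuspectRootCert -SubjectPattern 'eDellRoot')
if ($hits.Count -eq 0) {
    Write-Output "No trusted root certificate matching 'eDellRoot' found."
    exit 0
}
$hits | Format-Table -AutoSize
# Removal: Remove-Item on the listed store path plus thumbprint, e.g.
#   Remove-Item -Path "$($hits[0].Store)\$($hits[0].Thumbprint)"
# or apply the vendor update the article says Dell is issuing.
Write-Warning "$($hits.Count) matching trusted root certificate(s) present."
exit 1
```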