Additional Self-Signed Certs, Private Keys Found on Dell Machines

November 24, 2015

eDellroot is not the only self-signed trusted root certificate on Dell computers. Researchers at Duo Security found two more on a Dell Inspiron 14-inch laptop purchased by Darren Kemp, one of its researchers who is based in Calgary, Canada, including one cert related to eDellroot that also ships with a corresponding private key, and a Atheros Authenticode certificate and private key used to sign Bluetooth drivers.

The impact of the two other certs is limited compared to the original offender. The Bluetooth certificate has been expired since March 2013, but Duo Security director of research Steve Manzuik said it was in the wild for 10-15 days. Now that the cert is expired, it could cause problems for the drivers.

Read full story…