A few years back, there was a serious hue and cry by Dell users about the presence of the eDellRoot certificate on their PCs. Dell, backing down in the face of mounting public pressure, swiftly released an executable PC owners can use to automatically detect and remove the rogue certificate.
However, it seems that not everyone got the memo that the presence of eDellRoot makes their computers vulnerable to online attacks. After all, any certificate installed by the laptop manufacturer must be safe, right? Moreover, quite a lot of Dell users aren’t even aware of that certificate, what it is meant to do, and how it leaves the PC open to online scams.
This guide takes up the mantle to explain and expose this rogue security certificate, which is vulnerable to man-in-the-middle attacks. Mainly affected are people who purchased Dell XPS, Inspiron, and G-5/G-7 laptops.
But how exactly does a certificate meant to make your PC even more secure than usual suddenly become a possible entry point for malicious attacks? And how do you get rid of the eDellRoot certificate? Read on to find out everything you need to know about eDellRoot on Windows 10.
What Is the eDellRoot Certificate?
EDellRoot is a secure certificate shipped with certain Dell computer models produced since 2015. What sets eDellRoot apart from the other security certificates on the average laptop is that it possesses a vulnerability due to using the same private key on all computers on which it is installed.
Given that hackers can use the cryptographic key obtained from one Dell PC with this certificate installed to sign fake browser certificates, visiting a website with HTTPS protection on an affected Dell computer becomes less secure. With the security key, online criminals can simply manufacture a fake certificate that can mislead the browser into thinking the site is safe.
Criminals can intercept web traffic on a public network and use the acquired data for malicious purposes. And all this trouble because of a certificate purportedly installed by Dell to enhance communication between customers and the Dell support system.
Ostensibly, the eDellRoot certificate was added to new PC models by Dell for the quick provision of the system service tag so that Dell customer support personnel can quickly identify the PC model, drivers, OS, hard drive, etc. of the PC that requires attention, making it easier and faster to service.
The problem is that Dell installed this self-signing certificate, eDellRoot, along with its private key. Because the private key, which is supposed to be kept secret, was installed as well, hackers can have a field day using that private key to sign websites and software with the eDellRoot certificate and make them look legitimate to computers. This way, malware can be presented as a legit program, and malicious websites can be disguised as safe ones.
Do You Need the eDellRoot Certificate?
Dell apparently thought you did. That is why they shipped the certificate with some models, although they have been forced to discontinue the practice after public outcry over the vulnerability. The main thing you need to know is that the certificate, even if it had no vulnerability, is mainly useful for Dell support. They use it to find out key information about your PC, such as the model, architecture, installed Windows version, and so on. Getting the data automatically saves them and you precious time in figuring out your hardware and software configuration.
Apart from that, no, you don’t really require the certificate and nor should you shed a tear after getting rid of it. It is better to be safe than sorry, and the best way to be safe in this case is to completely remove the certificate from your Dell laptop.
Wait, What’s All the Fuss About Security Certificates?
A lot of communication, information exchange, and consequential transactions happen online. A secure way that stops the information from being intercepted by criminals had to be developed. This is the need that led to the use of security certificates.
If you take web servers as one end of an online exchange and web browsers as the other end, a security certificate checks whether one or both ends of the information exchange are genuine. The security certificate is issued by a Certificate Authority (CA). Every legitimate internet address must have a security certificate that other web servers can check through the CA. When a connection request is made, the browser checks the security certificate of the website, and if it checks out, a connection is established.
In simple words, here is what happens:
- The user launches a browser and types in an address.
- The browser prompts the web server to send its security certificate, along with its public key.
- The browser verifies the certificate with the issuing authority (CA) for validity and correctness.
- The browser uses the public key to create a symmetric key that it uses to encrypt the data to be exchanged and sends it to the web server.
- The web server receives the encrypted data and uses its own private key to decrypt the symmetric key, which it then uses to decrypt the encrypted data sent by the browser.
- The web server replies to the browser with the requested information, using the symmetric key created by the browser earlier to encrypt that information.
- The web browser receives the information in encrypted form and decrypts it using the symmetric key.
- The web browser displays the information as loaded content on the web page.
From the above, it becomes obvious how eDellRoot can be manipulated because its private key is easily obtainable.
How to Check for the EDellRoot Certificate on Your Computer
Many Dell users have asked how to remove the eDellRoot certificate vulnerability from their computers running Windows 10. Although Dell stopped shipping the certificate along with their computers some time ago, not everyone is lucky to purchase a new enough model that the certificate wasn’t shipped with. Therefore, it is important to find out whether eDellRoot is on the PC and to remove it if so.
There are a couple of ways to check whether you have eDellRoot installed. The best one is provided here.
Use Windows Certificate Manager
This tool contains all the certificates installed on the machine. It also displays the installation date, certificate issuer, and trust status of each installed certificate.
Here is how to use it:
- Press the Windows logo key to bring up the Start menu in Windows 10.
- Type “certmgr.msc” into the Start menu window to obtain some search results.
- Click the top result, and the Certificate Manager window will be opened.
- In the left menu pane, click Certificates – Current User.
- Under Certificates – Current User, click on Trusted Root Certification Authorities.
- Under Trusted Root Certification Authorities, select Certificates.
- You will see a list of certificates installed on your system by trusted root certificate authorities.
- Check the list for eDellRoot. It is arranged in alphabetical order, so just check the certificates beginning with “e”.
If you discover that eDellRoot is indeed installed on your Dell PC, you can go ahead and remove it using the instructions in the next section.
How to Remove the eDellRoot Certificate from a Dell Laptop
After discovering the presence of eDellRoot, you shouldn’t waste any time getting rid of it. Dell, having acknowledged their mistake, provided the methods to expunge the dangerous certificate from affected PCs.
Method One: Removing the eDellRoot Certificate Manually
- Press the Windows logo and X keys simultaneously to bring up the Quick Access menu in Windows 10. Windows 8 users can do the same thing.
- Select Task Manager from the Quick Access menu.
- When Task Manager opens, select the Services tab on the right of the tab selection bar.
- The Services window will display all the services on the computer. You need to go to the Service Manager tool from there.
- Click the Open Services link at the bottom of the Services page.
- The Windows services window will be displayed with a list of all the services on the PC.
- Scroll the list and look for Dell Foundation Services.
- Stop the service. Either select the service and click the “Stop this service” link in the left pane or right-click the service and select Stop.
- Next, minimize the Services window and open File Explorer from the taskbar.
- Navigate to the following location: C:\Program Files\Dell\Dell Foundation Services.
- In the folder, find and delete the Dell.Foundation.Agent.Plugins.eDell.dll file. If you get a UAC warning prompt, simply click the Continue button.
After performing these tasks, you’re now ready to delete the certificate properly. Without these preliminary actions, you might not be able to remove the certificate.
Here is what you should do now:
- Press the Windows logo key to bring up the Start menu in Windows 10.
- Type “certmgr.msc” into the Start menu window to obtain some search results.
- Click the top result, and the Certificate Manager window will be opened.
- In the left menu pane, click Certificates – Current User.
- Under Certificates – Current User, click on Trusted Root Certification Authorities.
- Under Trusted Root Certification Authorities, select Certificates.
- You will see a list of certificates installed on your system by trusted root certificate authorities.
- Find eDellRoot and select it.
- Delete the certificate by clicking the X icon in the toolbar at the top. You can also right-click the certificate and select the Delete option.
- Click Yes when the prompt asking you to confirm deletion comes up.
You’ve successfully deleted the eDellRoot certificate from your Dell PC. What is left now is to return to the Service Manager window and restart Dell Foundation Services. When you’re done, close all windows and you can resume using your PC without worries.
Method Two: Removing the EDellRoot Certificate Automatically
Aware that the method above might look tedious to some, Dell provided an executable file that automatically uninstalls the certificate from affected computers.
Just download and run this file, and it will remove eDellRoot for you.
Further Steps to Remove EDellRoot
Getting rid of eDellRoot might not be the only thing you need to do, especially if you’ve been using the PC for a long time without being aware of the presence of this vulnerable certificate.
Microsoft recommends using Windows Defender to uninstall eDellRoot from the certificate root store and the affected binaries that might re-install the vulnerable certificate.
Hackers might have used the certificate to install malware on your system. According to Microsoft, you should run a full scan with approved anti-malware software, like Auslogics Anti-Malware, to find and remove hidden viruses and other threats.
