Sunday, November 22, 2015

New Dell computer comes with a eDellRoot trusted root certificate

I recently purchased a Dell Inspiron 5000 series notebook (October 2015).  Setting things up, I was surprised to see a trusted root certificate pre-installed on the machine labeled "eDellRoot".  I'm having a tough time coming up with a good reason that Dell Computer Corporation needs to be a trusted root CA on my computer.

It has me thinking things similar to the Lenovo mistakes earlier this year with Superfish which I described at the time on twitter as "Lenovo commits corporate suicide".  With this eDellRoot presence causing curiosity, I posted again on twitter and this has resulted in some queries to more specifics on what I know.

I'll start with the MMC console certificates view of the installed cert.

Observe, the eDellRoot certificate is a trusted root that expires in 2039 and is intended for "All" purposes.  Notice that this is more powerful than the clearly legitimate DigiCert certificate just above it, which spikes more curiosity.

Drill in to see the certificate details and alarm bells start going off. 

"You have a private key that corresponds to this certificate".  This is getting very fishy!  As a user computer, I should NEVER have a private key that corresponds to a root CA.  Only the certificate issuing computer should have a private key and that computer should be ... very well protected!

Certificate details

Serial number starts with "6b c5 7b 95 18 93 aa 97 4b 62" and the keys are marked non-exportable.  Notice that this doesn't mean that the private key isn't accessible, it only means that it isn't exportable.  Anyone possessing the private key which is on my computer is capable of minting certificates for any site, for any purpose and the computer will programmatically and falsely conclude the issued certificate to be valid.

This is the same action that existed with Superfish and in that case, Lenovo made the tremendously awful action of using the SAME private key on every computer.  Has Dell done the same?  When I get a few minutes, I'll try this technique to dump the private key.

Is it Dell?

Consider, while I do know that this certificate came pre-installed on the computer and I do know that it is named "Dell", I do not actually know that this certificate came from Dell Computer Corporation.  Root certificates are always self-signed, so all I really know is that eDellRoot says eDellRoot is legit. Where it breaks down is that the private key IS PRESENT on my computer and that means ... bad.

I'll note that I do not see MITM website proxy as described in this Sophos blog and the sites visited check out clean using Steve Gibson's fingerprints service.  A spot checking of web browsing here and there also shows certificate chains checking out as I would expect.  What is the purpose of eDellRoot?

And request arrives, Joe, would you kindly share the eDellRoot certificate from your computer?  Okay, here you go, link

I look forward to reading comments,

Joe Nord


Brent Maxwell said...

I found the certificate on my Inspiron purchased in July. I also noticed that there was a certificicate in the personal store issued to localhost from that CA.

Unknown said...

Hi Joe,
My name is Laura and I work for Dell. Customer security and privacy is a top concern for us. We have a strict policy of minimizing the number of pre-load applications and assessing all applications for their security and usability. Dell has an extensive end-user security practice that develops capabilities and best practices to best protect our customers. We have a team investigating the current situation and will update you as soon as we have more information.

Brian Kemp said...

Someone in the reddit thread says that it'll show up on older machines post-update:

Ricardo Wong said...

Bought a computer in june, certificate matches. Thanks for sharing this information.

Justin Goldberg said...

This command would delete the certificate if I could find it's serial number. The help for the certutil command is huge and obtuse. This would be good for a network logon script if you had a lot of these deployed without MDT/SCCM imaging.

certutil -delstore my serialnumber

Steven Walter said...

I have an Precision M2800 running Windows 7 that I purchased in Dec 2014 that has the unsigned eDellroot certificate.

I called Dell support and they told me since it was a software problem that they would refer me to consult with their fee-based software support for

Jan Klos said...

To export private keys marked as non-exportable, you do not even need to use procdump or apply any kind of reverse engineering. Just use ( )

ecravn said...

Also FYI it looks like Dell System Detect (a support software provided by Dell) will add another trusted root cert with a private key onto your system. This cert is called "DSDTestProvider".

AuraleiAnti2 said...

Great Content. I appreciate getting this reliable information from you.
Thanks for sharing this great content. I love reading your posts. They are inspiring. I have some relevant information you can review below
Auralei Anti-Aging Serum experience
Auralei Anti-Wrinkle Moisturizer order

Aram Gregor said...

Greatly said. If you facing any problem with dell products then contact us.
Dell Computer Help | Dell Computer Service

Päivi & Santeri Kannisto said...

You can avoid troubles if you format your Dell and re-install it using the drivers provided by original equipment manufacturers. Some drivers what you can't find, you can strip out from DUPs using 7zip (Open Inside) and avoid Dell's script. This way we managed to make our Dell Vostro 14 5000 Series laptop safe and secure with absolutely no ties to Dell.

Marta Adamiak said...

woooow! You are the best!! advertising agency billing software Best wishes! have a nice day!

Raymond said...

I have an Inspiron as well. I don't use it any more because of some problems it developed over time. However, I am loyal to the brand and currently use another Dell. Maybe I should check that out, or is it only a problem on the Inspiron? That sounds really strange to me. Dell does such a good job with ensuring that customers have a good service.

Raymond @ CKS Global Solutions LTD

SATTA KING said...

satta matka
Kapil Matka
Satta Matka Result
Main Mumbai Result
Kuber Matka


Joseph Smith said...

Thanx for the share your data with us. We are just waiting for new data. Call us for DELL PRINTER DRIVER at Toll-free 1-888-993-6399 USA, for Dell Customer Service troubleshooting and all problems related to dell printer.

Ezy Deal said...

For a long I am looking for the new Dell laptop and if you know any online dell laptop provider then plz inform me about that...Online dell laptop

Alema sara 1-800-723-4210 said...

Nice blog.... is here We help you installing and setting up all your drivers and product related you Dell products. Count us on the installation purpose and get the best support server.

Dell Technical Support Phone Number

Deepakala said...

This is really nice. Thanks for sharing this informative article. 3830

aman said... helps the dell user to install drivers and many type of helps
.Dell technical support

Ezy Deal said...

If you are looking for the new Dell laptop model so I want to suggest you that new launched Dell Inspiron 5567 Laptop is best for you all and if you want you can placed your order through

aman yadav said...

Dell technical support USA and CANADA helpline number 18007234210
click here to vist website DELL TECHNICAL SUPPORT

allie Smith said...

Problem in using external storage device on the Dell Computer and you want quick soution then just ring on Toll Free +44-800-098-8371 Dell Laptop Help Number.

Alema sara 1-800-723-4210 said...

Nice information this blog....

Dell® Technical Support products are technically advanced but the general technical problem is wrong configuration or the lack of knowledge.

Dell Technical Support

Unknown said...

Dell Technical Support Phone Number & Dell help phone number 1-800-723-4210 for troubleshoot Dell problems for Computer, Laptop, Printers, we help to resolve quickly our services USA and Canada.
Log on :
Mail id :
Call Toll Free : 1-800-723-4210

Technical Support Number 18007234210 said...
Dell Essential Customer Support and Support Phone Numbers Dial + 1-800-723-4210

Technical Support Number 18007234210 said...

Call +1-800-723-4210|Dell Technical Support Phone Number USA $ Canada

ekansh said...
need more solutions for dell

vikki kumar said...

Troubleshooting of start-up errors
Upgrades and installation of windows Operating system
Detection and removal of malicious programs
Upgrades and installation of drivers, anti-virus programs
dell computer support,dell computer technical support ,dell technical support
dell computer support

vikki kumar said...

if you are facing issues like power issues, drive installations, screen get freeze,
hanging issues or any other technical error then you can get in touch with their customer
support by calling anytime at Dell customer support number and avail tech support
so that we can do the needful for you
We are touching with you 24*7.
dell computer support

vikki kumar said...

Unable to install drivers
Printer showing offline
Page is not aligned correctly
Getting error with printer spooler?
dell computer support

Rajan Singh said...

I didn't know about edeelroot certificate i only know about Digicert but now after reading this blog i know much more more about . But i have a question it it more secure than other certificates?

Dell Laptop Repair in Gurgaon
Laptop Repair in Gurgaon

Massachusetts said...

Thanks for sharing this list. Very grateful. I work at mobile app testing company where i think it will be definitely useful.

123 HP Com

Unknown said...

Nice blog...

Windows Tech Support

Unknown said...

Nice blog...

Windows Tech Support

James Williams said... 01444-390-866.Norton Support Phone Number, Norton 360 Phone Support, Norton Security Phone Number, Norton Helpline ,Norton Tech Support Number, Norton Tech Support, Norton antivirus customer service, support for Norton, Norton toll free number, Norton Tech Support phone number, Norton antivirus tech support phone number ,Norton antivirus tech support number, Norton antivirus technical support number ,Norton technical support number, Norton tech support number, Norton tech support phone number us, Norton tech support telephone number, Norton 360 phone support, Norton 360 telephone number, Norton 360 helpline, Norton 360 support phone number, Norton security phone number ,Norton support phone number ,Norton support phone number us, Norton helpline, Norton helpline phone number . 01444-390-866.

Addison said...

Nice Blog , This is what I exactly Looking for , Keep sharing more blog .

Alec said...

Really i am impressed from this post....the person who created this post is a genius and knows how to keep the readers connected..

Sumit Kumar said...

At the time we look familiar for the latest version of office setup toll free number for usa +1800-214-7583 we have our Microsoft office setup top tier interviews line-up. In order to provide the best quality and most complete to measure experience for our clients Microsoft Office setup support team is available 24*7 just give us a call on our toll free number 1-800-214-7583 We us we are available to support you. Toll-free Number Are the best way to join with offer best technical support and services. The time you want to attach with customers and offers them best Microsoft Office Customer Support. MS Office Product Key Support Website: Toll free Number 1800-214-7583….Office Setup Support I I

Dell Technical Support said...

Easy Fix Of Issues With Dell Technical Support Phone Number1-844-395-2200 has now come up with mind blowing Dell Technical support help to give you a peace of mind solution.

Rosie Smith said...
This comment has been removed by the author.
Rosie Smith said...

Products from Microsoft are being used at home and office but, when it shows tech issues while working then, get connected with the Microsoft experts to get solution of that at 0800-090-3921. Microsoft Customer Care Number UK

Wow Thinking said...

Wow nece to read this post, need help? Call us at Norton Support Phone Number Canada 1-888-582-4887 for Norton Technical Support & Help in Canada.

Allie Smith 0800-090-3234 said...
This comment has been removed by the author.
Unknown said...

After purchasing Office you need to visit to install and we ... one for you. is a UK Based MS Office tools support.... Call us this 24X7 toll free no 1800-214-7583 and our Microsoft Office...Call us this 24X7 toll free no 1800-214-7583 and our Microsoft is support for you to enhance ... Call us this 24X7 toll free no 1800-214-7583 and our Microsoft Office setup...Call us this 24X7 toll free no 1800-214-7583 and our Microsoft Office setup assistant will call you and ask the issue right now. is MS...MS Office Helpline number AUS, UK Website: MS Office Product Key Support Website: Toll free Number 1800-214-7583….
Office Setup Support I I
And Click Here:

Technical Support UK 0800-090-3234,3242 said...

Really i appreciate the effort you made to share the knowledge.
Dell Printer Support Number UK
Dell Printer Contact Number UK

Allie Smith 0800-090-3234 said...

I am really enjoying reading your well written blog.

Microsoft Phone Number UK

Microsoft Phone Number UK

Catelyn John said...

I know about New Dell computer comes with a eDellRoot trusted root certificate, I like this.
You can dial Dell printer helpline number UK 0808-101-3524 toll free to get instant help.