Dell made a massive security flaw in its computers that left them vulnerable to hackers - here's how to fix it
Attackers are able to impersonate websites - letting them harvest unwitting victims' passwords, banking details, and other confidential online data.
The problem stems from a security certificate that Dell has included in new laptops and computers since August 2016 that was, it says, "intended to make it faster and easier for our customers to service our system."
But it leaves customers vulnerable to man-in-the-middle attacks, where a website accessed using a public connection (like at an airport or coffee shop) can be spoofed, tricking them to providing details to a hacker.
According to security journalist Brian Krebs, the issue is present in all new devices sold since August.
If any of this sounds familiar, it's because it is: A similar issue affected Lenovo devices earlier this year. The computer manufacturer also left users vulnerable to interception - in that case, to insert adverts into webpages.
Want to know if you've been affected? There's a test site that will tell you: Click here to visit it. (We first saw it on Ars Technica.) If you didn't get a security warning, you're at risk.
If you have been affected, there are a number of ways to fix it:
- First, Dell has released instructions on how to locate and permanently remove the certificate from your machine: These instructions are downloadable here.
- Dell has also released an app that will automatically uninstall it for you: You can find it here.
- The company is also rolling out a software update on Tuesday "that will check for the certificate, and if detected remove it."