 |
 |
Apparently Dell looked at all the backlash against Lenovo and their SuperFish software and decided it was a great idea to emulate. http://joenord.blogspot.com/2015/11/new-dell-computer-comes-with-edellroot.html The quick overview is that Dell system images come loaded with a root CA trust. The private key is embedded in the cert, static and not randomly generated per install, there are no restrictions on the cert so it can be used for practically anything, and the private key was encrypted with the 'dell'. Don't forget to wipe systems with clean media when you get them! https://twitter.com/bquintero/status/668907167173484545 That's a proof of concept of someone signing an arbitrary executable with the cert.