It looks like things are not all that rosy over at Dell, as yet another Dell root certificate has been discovered, which is in addition to what we reported earlier on. Apparently, the Dell System Detect application will also do its bit by installing a self-signed root certificate on computers. This second certificate is known as DSDTestProvider, where it will be installed by an application that is called Dell System Detect (DSD).
Basically, users will be prompted to download and install this tool whenever they drop by the Dell support website and choose the “Detect Product” button. The initial certificate that was reported over the weekend is known as eDellRoot, where it was installed by the Dell Foundation Services (DFS). DFS happens to be an application which implements a slew of support functions.
Dell representative Laura Pevehouse Thomas shared, “The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers.”
Well, regardless of the original good intention, it looks like both eDellRoot and DSDTestProvider can be exploited by attackers to generate rogue certificates for any website.