Major US computer company Dell said on Monday US time a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users’ private data.
A pre-installed program on some newly purchased Dell laptops that can only be removed manually by consumers makes them vulnerable to cyber intrusions that may allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites such as Google or those belonging to a bank, among other attacks.
“The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience,” Dell said in a statement to Reuters. “Unfortunately, the certificate introduced an unintended security vulnerability.”
Dell declined to say how many computers or which specific models are affected. The software began getting installed on laptops in August, according to a spokeswoman. The company also said future systems would not contain the bug.
Dell said it would provide customers with instructions to permanently remove the certificate by email and on its support website, a process that will likely be highly technical.
Dell’s security flaw is similar to a so-called “Superfish” program detected on Lenovo computers earlier this year.
(Reporting by Dustin Volz in Washington; Additional reporting by Jim Finkle in Boston; Editing by Lisa Shumaker)