PCs running Dell support app can be uniquely ID’d by snoops and scammers

App allows websites to surreptitiously acquire customers' service tag numbers.

dell-id-tracking-640x190

On Monday, Ars reported that Dell was shipping PCs that came pre-installed with digital certificates that made it easy for attackers to cryptographically impersonate any website on the Internet. Now, a researcher has shown that many Dell computers can be surreptitiously forced to reveal the number company employees use to identify customers.

The unique Dell service tag can be used to fingerprint users even when they turn on the private browsing mode of their favorite browser, delete all browser cookies, or take other steps to block being tracked. The ID can also be entered into this Dell webpage to obtain warranty information. Fraudulent computer support services, which claim to be from Microsoft or another well-known company in an attempt to gain control of a target’s machine, could also use the identifier to make their ruse more convincing.

Websites can surreptitiously acquire the ID of just about any Dell machine that’s running Dell Foundation Services, an official Dell application designed to make it easier for customers to get technical support. As this proof-of-concept site demonstrates, the exploit works relatively quickly and reliably. While it’s transparent about what it’s doing, there’s nothing stopping other sites from running the ID-scraping code in the background so users have no idea they’re being tracked.

If Dell Foundation Services sounds familiar, it’s because it’s the app that used the eDellRoot digital credential that put customers’ HTTPS-protected Web sessions in jeopardy. A pseudo-anonymous researcher who created the proof-of-concept tracking site said his exploit works even when Dell customers have uninstalled the eDellRoot certificate using the removal tool or instructions Dell released Monday night. The only way to stop the tracking right now, the researcher said, is to uninstall the application.

A Dell spokeswoman told Ars that company officials are investigating the vulnerability report and don’t yet have a comment. That means there may be important nuances or exceptions to what is known at this moment. Still, out of an abundance of caution, Dell users should strongly consider uninstalling Dell Foundation Services if it’s already on their machines, at least until company officials have time to weigh in on this new development.

 

SOURCE: Dan Goodin | Ars Technica

Leave a Reply

Your email address will not be published. Required fields are marked *