A pre-installed programme on some newly purchased Dell laptops that can only be removed manually by consumers makes them vulnerable to cyber intrusions that may allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites such as Google or those belonging to a bank, among other attacks.
“The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience,” Dell said in a statement to Reuters. “Unfortunately, the certificate introduced an unintended security vulnerability.”
Dell declined to say how many computers or which specific models are affected. The software began getting installed on laptops in August, according to a spokeswoman. The company also said future systems would not contain the bug.
Dell said it would provide customers with instructions to permanently remove the certificate by email and on its support website, a process that will likely be highly technical.
Dell’s security flaw is similar to a so-called “Superfish” programme detected on Lenovo computers earlier this year.