Posts Tagged: David Frink

Feb 16

Dell to Customers: Report ‘Service Tag’ Scams

Computer maker Dell is asking for help in an ongoing probe into the source of customer information that appears to have somehow landed in the laps of fraudsters posing as Dell computer support technicians. KrebsOnSecurity readers continue to report being called by scammers posing as Dell support personnel who offer “proof” that they’re with Dell by rattling off the unique Dell “service tag” code printed on each Dell customer’s PC or laptop, as well as information from any previous (legitimate) service issues the customer may have had with Dell.

Image: Wikipedia

Image: Wikipedia

In January, Ars Technica’s Dan Goodin wrote about a guy who’d been complaining to Dell for six months about the very same problem, in which the scammers try to convince the customer that their computer is infected and in need of professional services. Dell responded at the time that its customer’s data protection was a top priority, and it reminded customers that Dell doesn’t make unsolicited calls asking to charge to fix an issue they did not report or previously request help with unless they have signed up for premium support services.

I first heard about this in December 2015 from Israeli resident Yosef Kaner, who reported receiving a phone call from someone with a thick Indian accent claiming to be from Dell technical support.

“He said that they had been monitoring my computer usage for the past couple of weeks, and that I had downloaded a dangerous piece of software,” Kaner said. “He offered to help me remove said software. Understanding that this was a scam, I asked him for a callback number. He gave me one. He also, though, knew my name and gave me the Service Tag of my PC. I thanked him and hung up. Then I Googled the number he gave me. It was a known number from a known scam.”

Almost every week this past month, I’ve received similar messages from other readers. Like this one, from Lucy Thomson of Washington, D.C. Thomson is the author of the ABA Data Breach and Encryption Handbook, and a former Justice Department fraud prosecutor.

“So I am not happy that Dell has had this breach and many people are potentially in jeopardy,” Thomson said. “I confirmed with two of the people who called on two different days, one who said he was in San Jose, CA and another who said he was in India, the nature of the PII and service records they have. All of it was correct and they have quite a bit of contact information and service records with specific dates of calls and service.”

Thomson said she called 1-866-383-4713 (the real Dell’s support line) and told the technician about having received calls every day for the previous five days from people claiming to be Dell certified technicians or who worked for Dell.

“I then told him they had all my PII and Dell service records for the computer I purchased from Dell in 2012,” Thomson recalled. “He said they had received calls ‘from people like you,’ and ‘many customers have called.’ In response to my question about why they had not sent data breach notifications, he said ‘The legal team is in charge. The legal team is working with the FBI on this.’ He said that twice. At the end of the call he said ‘we are creating a platform so this will never happen again.'” Continue reading →

Nov 15

Security Bug in Dell PCs Shipped Since 8/15

All new Dell laptops and desktops shipped since August 2015 contain a serious security vulnerability that exposes users to online eavesdropping and malware attacks. Dell says it is prepping a fix for the issue, but experts say the threat may ultimately need to be stomped out by the major Web browser makers.

d3llAt issue is a root certificate installed on newer Dell computers that also includes the private cryptographic key for that certificate. Clever attackers can use this key from Dell to sign phony browser security certificates for any HTTPS-protected site.

Translation: A malicious hacker could exploit this flaw on open, public networks (think WiFi hotspots, coffee shops, airports) to impersonate any Web site to a Dell user, and to quietly intercept, read and modify all of a vulnerable Dell system’s Web traffic.

According to Joe Nord, the computer security researcher credited with discovering the problem, the trouble stems from a certificate Dell installed named “eDellRoot.”

Dell says the eDellRoot certificate was installed on all new desktop and laptops shipped from August 2015 to the present day. According to the company, the certificate was intended to make it easier for Dell customer support to assist customers in troubleshooting technical issues with their computers.

“We began loading the current version on our consumer and commercial devices in August to make servicing PC issues faster and easier for customers,” Dell spokesperson David Frink said. “When a PC engages with Dell online support, the certificate provides the system service tag allowing Dell online support to immediately identify the PC model, drivers, OS, hard drive, etc. making it easier and faster to service.”

“Unfortunately, the certificate introduced an unintended security vulnerability,” the company said in a written statement. “To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support.”

In the meantime, Dell says it is removing the certificate from all Dell systems going forward. Continue reading →