Dell Inc. said on Monday a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users’ private data.
A pre-installed program on some newly purchased Dell laptops that can only be removed manually by consumers makes them vulnerable to cyber intrusions that may allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites such as Google or those belonging to a bank, among other attacks.
"The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience," Dell said in a statement to Reuters. "Unfortunately, the certificate introduced an unintended security vulnerability."
Dell declined to say how many computers or which specific models are affected.
The problem has to do with an SSL certificate that comes pre-installed on a number of the company's laptops, according to a programmer named Joe Nord, who discovered the issue.
The software began getting installed on laptops in August, according to a Dell spokeswoman. The company also said future systems would not contain the bug. Dell said it would provide customers with instructions to permanently remove the certificate by email and on its support website, a process that will likely be highly technical.
Dell’s security flaw is similar to a so-called "Superfish" program detected on Lenovo computers earlier this year.