Dell is facing more backlash Wednesday after a second security flaw was found in its consumer PCs.
According to Carnegie Mellon University researchers (backed by the U.S. government), the second security flaw affects users who downloaded Dell System Detect products. The flaw – like the one found earlier this week – could leave a user’s personal information vulnerable to hackers.
The new issue affects users who downloaded Dell System Detect – a tool Dell offers to help with customer support – between October and November.
If exploited, the flaw could allow hackers to spy on a user’s encrypted private data using a man-in-the-middle (MiTM) attack.
“An attacker can impersonate web sites and other services, sign software and email messages, and decrypt network traffic and other data. Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software,” read the vulnerability warning issued by researchers.
Dell has since removed the Dell System Detect tool from its website and is planning to release a software patch to fix the issue.
On Monday, Dell admitted that another support tool – which came pre-installed on many of its consumer PCs – contained a similar security flaw that could allow hackers to spy on a user’s encrypted online activity, including intercepting emails and monitoring online banking activity.
The company has not revealed how many computers or which specific models are affected; however, according to reports, the company began pre-installing the software in August.
Dell has provided step-by-step instructions on how to remove the certificate from your system on its support page. The company has also pushed a software update to users that will check for the certificate and remove it if it’s detected.