Dell PCs vulnerable to ID-scraping code
Following revelations earlier this week that pre-installed digital certificates shipping in Dell computers enabled attackers to impersonate websites by cloning cryptographic identifiers, came further news that many Dell PCs can also be tinkered with to expose the number employees use to identify customers, according to Ars Technica.
A Dell service tag that is customized to each device, can identify users while they browse – even if in a private mode and even if they delete all browser cookies or set various preferences to block tracking.
Miscreants posing as computer support service personnel can potentially gain control of a targeted machine by entering this ID into a Dell "Warranty Status" webpage, where customers go for technical support.
While a Dell spokesperson told Ars they are investigating the flaw, Ars urged users of any Dell device running Dell Foundation Services, the Dell app designed to allow customers to get technical support, to uninstall it – at least until its updated.