News that some Dell laptops are shipping with at least one, and possibly two, rogue root certificates represents a potential security breakdown in production processes, say security experts.

The discovery of potentially two vulnerable security certificates being shipped on Dell PCs has reignited the debate on pre-installed software.

The debate was raised in February 2015 when Lenovo was found to be shipping the Superfish pre-installed adware that made customers vulnerable to HTTPS man-in-the-middle attacks through its use of self-signed root HTTPS certificates.

Dell has also been using self-signed root certificates as part of a support tool, which provides information to make it faster and easier for customers to service their systems. Like Superfish, however, the eDellRoot certificates introduced a significant security vulnerability.

But Dell emphasised in a blog post that the eDellRoot certificate is not malware or adware, and is not being used to collect personal customer information.

Security experts have warned that attackers could easily clone these certificates by using hacker tools to extract the private key shipped with them, and then impersonate any HTTPS-protected website or Dell itself. That would enable attackers to steal personal data, install data-stealing malware, or hijack the PC as part of a botnet.

Dell responded quickly by publishing a guide on how to remove the vulnerability once the issue was flagged up by Kevin Hicks, aka rotorcowboy, on Reddit. The company also said it would issue a software update to remove the certificate.

However, Laptop Mag claims to have discovered a second self-signed certificate, called DSDTestProvider, that also contained a private key on a recently made Dell XPS 13.

Dell has subsequently responded by releasing a fix, reports the BBC. The company said the second problem affects users who downloaded its Dell System Detect product between 20 October and 24 November 2015, and was not pre-installed on computers.

Dell said the product was removed from its site once the issue was spotted and a replacement application was made available.
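For administrators who want to check a Windows machine for the two certificates named above, the following PowerShell audit is an added example, not code from Dell or from the original article. The function name `Find-RiskyRootCertificate` is hypothetical, and matching the names against the certificate subject text is an assumption; the script also lists any other trusted root whose private key is stored on the same machine, which is the condition the experts describe.

```powershell
# Added example: audit the Windows trusted-root stores (read-only).
# Names come from the article; matching them against the certificate
# subject text is an assumption of this example.
$reportedNames = 'eDellRoot', 'DSDTestProvider'
$rootStores    = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

function Find-RiskyRootCertificate {   # hypothetical helper name
    param(
        [string[]]$StorePath,
        [string[]]$Name
    )
    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            # Flag 1: subject contains one of the reported names.
            $nameHit = $false
            foreach ($n in $Name) {
                if ($cert.Subject -like "*$n*") { $nameHit = $true }
            }
            # Flag 2: the root's private key is present on this machine,
            # so anyone who extracts it can sign certificates it trusts.
            if ($nameHit -or $cert.HasPrivateKey) {
                [pscustomobject]@{
                    Store               = $path
                    Subject             = $cert.Subject
                    Thumbprint          = $cert.Thumbprint
                    NotAfter            = $cert.NotAfter
                    HasPrivateKey       = $cert.HasPrivateKey
                    MatchesReportedName = $nameHit
                }
            }
        }
    }
}

$findings = @(Find-RiskyRootCertificate -StorePath $rootStores -Name $reportedNames)
if ($findings.Count -eq 0) {
    'No reported names and no root certificates with a local private key were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The script only reads the stores and changes nothing; removal should follow Dell's published guide or software update.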

“The news that some Dell laptops are shipping with at least one, and now likely two, rogue root certificates represents a potential security breakdown in the process of laying down the factory operating system image on new laptops for consumer use,” said Tod Beardsley, security engineering manager at security firm Rapid7.

He urged users to contact their support representatives for instructions on how to remove these rogue certificates.

“Users rely on factory images of operating systems to be reasonably secure by default; the act of re-installing an operating system from original sources is often beyond the technical capabilities of the average end user,” said Beardsley.