A well-meaning feature that makes millions of Dell computers vulnerable

Researchers have known for years about security issues with the foundational computer code known as firmware. It is frequently full of weaknesses, it is hard to update with patches, and it is increasingly the target of real-world attacks. Now, a well-intentioned firmware update mechanism for Dell computers is itself vulnerable as a result of four primitive errors, and these flaws can be exploited for full access to the target devices.

The new findings from researchers at security firm Eclypsium affect 128 recent models of Dell computers, including desktops, laptops, and tablets. The researchers estimate that the vulnerabilities expose a total of 30 million devices, and the exploits even work on models that include Microsoft Safe PC Protection, a system created specifically to reduce the vulnerability of firmware. Dell is releasing bug fixes today.

“These vulnerabilities are in an easy position to exploit. It’s basically like time travel, it’s like the 90s again,” says Jesse Michael, Principal Analyst at Eclypsium. and application, but it does not follow best practices in new firmware security features.”

The vulnerabilities appear in a Dell feature called BIOSConnect, which allows users to download firmware updates easily, even automatically. BIOSConnect is part of a broader Dell update and remote operating system management feature called SupportAssist, which has its own share of weaknesses that may be problematic. Update mechanisms are valuable targets for attackers, because they can be tainted to distribute malware.

The four vulnerabilities the researchers discovered in BIOSConnect would not allow hackers to push malicious Dell firmware updates to all users simultaneously. However, they can be exploited to target victim devices individually and easily gain remote control of the firmware. Compromising a device’s firmware can give attackers complete control of the device, because firmware coordinates hardware and software and runs as a precursor to the computer’s operating system and its applications.

“This is an attack that allows the attacker to go directly to the BIOS,” says Eclypsium researcher Scott Scheferman. “Before the operating system boots up and is aware of what is happening, the attack has already occurred. It is an elusive, powerful, and desirable set of vulnerabilities for an attacker who wants to persevere.”

One important caveat is that attackers cannot directly exploit the four BIOSConnect bugs from the open internet. They must have a foothold in the internal network of the victim devices. But the researchers stress that the ease of exploitation and the lack of monitoring or logging at the firmware level would make these vulnerabilities attractive to hackers. Once an attacker has compromised the firmware, they could likely remain undetected for a long time inside the target networks.

Eclypsium researchers disclosed the vulnerabilities to Dell on March 3. They will present the results at the Defcon Security Conference in Las Vegas at the beginning of August.

“Dell has addressed several vulnerabilities of the Dell BIOSConnect and HTTPS Boot features available with some Dell Client platforms,” the company said in a statement. The features will be updated automatically if customers have Dell automatic updates turned on. If not, the company says customers should install the patches manually “as soon as possible.”

However, Eclypsium researchers caution that this is one update that you may not want to download automatically. Since BIOSConnect itself is the vulnerable mechanism, the safest way to get the updates is to go to Dell’s Drivers and Downloads website and manually download and install them from there. For the average user, though, the best approach is to update your Dell hardware however you can, as soon as possible.
