Some Dell Systems Are At Risk Of New Hacks

May 25, 2019

Written by wukovits

Do you use Dell equipment at home or in your office?

If so, then the recent discovery made by independent security researcher Bill Demirkapi should give you pause.

Recently, Mr. Demrikapi discovered a flaw in the company’s SupportAssist utility that comes pre-installed on most Dell systems.

If you have an older Dell, know that SupportAssist was recently re-branded and was formerly known as Dell System Detect, which may be a name you’re more familiar with.  At the root though, it’s the same code and both versions of the code have the same flaw.

The program is designed to interact with Dell’s support website. This is where it will scan for service codes and tags that match your system and then automatically download and install driver updates as needed to keep your system up to snuff. It’s a good piece of software that performs a valuable function, so it probably comes as no surprise that hackers took note and promptly found a way to take advantage of the code’s functionality.

Dell, who has been working with Mr. Demirkapi since he reported the issue to them, explains it thusly:

“An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.”

In essence, the hackers use a variety of tricks to fool your system into thinking it’s getting updates from Dell, when in fact, it’s being fed poisoned files from a site controlled by hackers.

The bug impacts all Dell SupportAssist Client versions prior to version 3.2.0.90.  The company has already fixed the issue. The main takeaway here is to check your SupportAssist version number to see if you’re in the safe zone, and if not, download the latest version right away.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers...

Send us a message

Your message was sent.