Another security flaw in a vendor’s bloatware apps puts users at risk.
A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users’ systems.
Dell has released a patch for this security flaw on April 23; however, many users are likely to remain vulnerable unless they’ve already updated the tool –which is used for debugging, diagnostics, and Dell drivers auto-updates.
The number of impacted users is believed to be very high, as the SupportAssist tool is one of the apps that Dell will pre-install on all Dell laptops and computers the company ships with a running Windows OS (systems sold without an OS are not impacted).
According to Bill Demirkapi, a 17-year-old security researcher from the US, the Dell SupportAssist app is vulnerable to a “remote code execution” vulnerability that under certain circumstances can allow attackers an easy way to hijack Dell systems.
Because the Dell SupportAssist tool runs as admin, attackers will have full access to targeted systems, if they manage to get themselves in the proper position to execute this attack.
ATTACK REQUIRES LAN/ROUTER COMPROMISE
“The attacker needs to be on the victim’s network in order to perform an ARP Spoofing Attack and a DNS Spoofing Attack on the victim’s machine in order to achieve remote code execution,” Demirkapi told ZDNet today in an email conversation.
This might sound hard, but it isn’t as complicated as it appears.
Two scenarios in which the attack could work include public WiFi networks or large enterprise networks where there’s at least one compromised machine that can be used to launch the ARP and DNS attacks against adjacent Dell systems running the SupportAssist tool.
Another plausible scenario is in situations where hackers have compromised the users’ local WiFi router, and are in a position to alter DNS traffic directly on the router.
As we’ve seen in the past few months, hacking routers to hijack DNS traffic isn’t a sophisticated attack anymore and is happening more and more often, mainly due to the sad state of router security.
ATTACK REQUIRES NO USER INTERACTION
As Demirkapi explained to ZDNet, the iframe will point to a subdomain of dell.com, and then a DNS spoofing attack performed from an attacker-controlled machine/router will return an incorrect IP address for the dell.com domain, allowing the attacker to control what files are sent and executed by the SupportAssist tool.
The good news is that Dell took the researcher’s report seriously and has worked for the past months to patch CVE-2019-3719, a task that concluded last week with the release of SupportAssist v188.8.131.52, which Dell users are now advised to install.
Code Execution Vulnerability Identified in Change Healthcare Cardiology DevicesA vulnerability has been identified in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The vulnerability could be exploited by a locally authenticated...
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most Targeted
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most TargetedThe digital and network footprint of small businesses is continually growing. Online commerce, social media, remote workers, and cloud-based IT infrastructure are...
What Other Companies Can Learn from Facebook’s $5 Billion Fine and Why Privacy MattersWhile Facebook’s $5 billion settlement stands as the largest fine in the history of the Federal Trade Commission (FTC), one must take into consideration that not every company is...
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Get weekly tech updates and immediate alerts when there is a zero-day or security issue!