Millions of Dell PCs can be hacked remotely — here's what you need to know

1. Home
2. News
3. Security

Millions of Dell PCs can be hacked remotely — here's what yous need to know

(Epitome credit: Time to come)

Astringent flaws in more 100 Dell laptop and desktop models could let hackers remotely take over the machines, security researchers revealed today (June 24). Upwards to 30 million devices may be affected.

The flaws, four in all, have to exercise with the BIOSConnect function in the Dell SupportAssist tool built into about contempo Dell machines. They permit an assaulter with admission to the local network to modify a machine'due south startup firmware (commonly chosen the BIOS) and take complete command.

• This iPhone bug kills your Wi-Fi — what you lot need to know
• The best laptops you lot can purchase right now
• Plus: Nvidia GeForce RTX 3060 restocks could get better presently — hither's why

As the researchers at Portland, Oregon-based Eclypsium put it in their study, "such an attack would enable adversaries to control the device'due south kick procedure and subvert the operating organization and higher-layer security controls" — full pwnage, in other words.

Two of the flaws were fixed on the Dell-server side in late May and are no longer a threat. Firmware updates for the other two were made available today and can be downloaded and installed from the Dell website.

If this sounds a chip familiar, it'southward similar to a prepare of BIOS-update flaws disclosed in Dell machines but about six weeks agone. However, those five flaws appear to involve a different update process than the one revealed today.

Dell told ZDNet that the BIOS firmware updates would be automatically installed equally long every bit users had machine-updates turned on. Merely given that the flaws are in the BIOSConnect automatic-update process itself, you may want to perform the BIOS update manually.

"We recommend that users not apply BIOSConnect to perform this firmware update," the Eclypsium report noted.

Eclypsium specializes in finding firmware and hardware flaws and revealed several such flaws in Dell, HP and Lenovo machines in early 2020.

Is your Dell machine vulnerable?

Starting time, not all Dell machines are vulnerable to these flaws. Dell counts 128 models that are affected, and they're listed in this Dell security informational.

Second, these steps apply only to machines on which yous accept full administrative rights. If you're dealing with a machine endemic or controlled by your workplace, then permit your IT staffers handle this. If someone else in your household has admin rights on your machine, let them handle this.

Third, you may need to turn off BitLocker drive encryption if you're running Windows 10 Pro or Enterprise. (Windows 10 Home machines, found on most consumer models, will not accept BitLocker installed.)

Search for "BitLocker" in the search bar in the lesser left corner of the Windows interface, and so select "Manage BitLocker" in the search-results page. If the resulting window states that BitLocker is off, so you're all fix. If it's on, then suspend BitLocker protection during the commuter-update process.

How to update your Dell estimator'due south firmware

Anyhow, if your Dell machine is on the list of vulnerable machines, or you're not certain which model you have, then follow these steps.

one. Browse to the Dell Drivers & Downloads page.

2. Permit the page scan your machine to determine its model, provided Dell SupportAssist has already been installed. Alternately, you tin can plug in the model number or service tag manually and perform a search.

However, if you don't have Dell SupportAssist installed — you lot'll be able to tell because the Drivers & Download folio will bug yous to install it — so you lot are Not vulnerable to these four specific flaws and you can rest easy and skip all this.

3. Once the Dell model has been identified, you'll be taken to a model-specific back up page that can automatically figure out which drivers you demand. You lot can as well manually search for the proper updates by clicking in the Category driblet-downwardly card for BIOS updates.

4. Download the latest BIOS update, and then run it. Follow the on-screen instructions to finish the process.

5. Y'all'll probably need to fully reboot the automobile for the update to take effect.

Here's a Dell support page with a video walking you through the BIOS update process.

What's going on with these Dell flaws

The trouble hither is, as is so often the example, a matter of convenience trumping security.

The BIOS, or more correctly the UEFI system on modern machines, is low-level firmware that lives on a PC's motherboard and kicks into gear as soon every bit you press the ability push button.

The BIOS scans the difficult bulldoze or drives to find an operating system, such as Windows, macOS or Linux, that the machine tin can "kicking" into. On most machines, there'southward just one OS installed and the startup process will continue automatically. If you have more than than one OS installed, you tin use the BIOS to select the one you want to use, among other things.

BIOS and UEFI firmware is sufficiently complex so that malware can be written for it, and other BIOS modifications can be made to allow unauthorized access to the machine. Since the BIOS/UEFI firmware runs "below" Windows, it'southward oft difficult for Windows programs, such as antivirus software, to discover problems with the BIOS.

A chip too trusting

Like all firmware, the BIOS firmware needs to be updated from time-to-fourth dimension, and the Dell BIOS-update steps outlined above may non exist that easy for many users to perform manually.

So in order to keep the BIOS on its users' machines upwards-to-date without having support technicians walk customers through the process, the Dell SupportAssist program has a role chosen BIOSConnect that automates most of the process. BIOSConnect as well lets support techs remotely recover borked machines when they've got customers on the line.

However, each Dell machine has to contact Dell'due south servers to get the proper BIOS update. And that's where BIOSConnect trips up, because information technology'south likewise trusting.

The Eclypsium researchers found that BIOSConnect will connect to servers presenting not merely certificates belonging to Dell, but to servers presenting any digital verification certificate that conforms to the same format used by Dell.

BIOSConnect will assume that it is connecting to Dell servers, but in fact it could exist connecting to a completely different server controlled by an attacker.

That assaulter could so send a "poisoned" BIOS update to the Dell machine, such equally one that was subtly contradistinct to give the attacker permanent access to the machine over the internet.

The attacker would need to intercept the Dell machine'southward network traffic via a homo-in-the-middle set on in club for this to work. Only that's not that hard to pull off equally long every bit the attacker is on the same local wireless or wired network, such as in an office, hotel, park, coffeeshop or drome waiting lounge.

The Eclypsium researchers plan to reveal the full details of the flaws and the exploit procedure at the DEF CON hacker conference in August.

• More than: Windows eleven will run Android apps — here'southward how

Paul Wagenseil is a senior editor at Tom'south Guide focused on security and privacy. He has likewise been a dishwasher, fry cook, long-booty driver, code monkey and video editor. He's been rooting around in the information-security infinite for more than fifteen years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'southward Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even chastened a panel discussion at the CEDIA home-engineering briefing. You tin follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/dell-bios-poison-attacks

Posted by: kernrourts.blogspot.com

Share this post