The SupportAssist application on all the notebooks and PCs sold by Dell has a vulnerability that hackers can remotely exploit to gain administrative privileges. A vulnerability report shared by Bill Demirkapi via GitHub confirmed that hackers can gain administrative access over all these machines and upload malicious codes to take over the systems. Dell released a patch on April 23 to fix the issue.
Most Dell Customers Affected
There are no reports about the affected number of users but considering the fact that Dell puts the SupportAssist software on all the new Windows computers, most of the users would be open to this kind of attack. Only devices sold by the company without Windows are unaffected by the attack since these don’t come with SupportAssist preinstalled.
The tool mostly provides the latest Dell driver updates to the Windows machines. It is also used by the company’s customer support to run debugging and diagnostic tests on customers’ PCs. The debugging tool tends to have deep access to a system that hackers can exploit. The major issue was that the attack can be remote and attackers can gain full control of the systems from anywhere.
How the Attack Works
The attack first starts by taking users to a malicious web page. This is where Dell’s SupportAssist is tricked into downloading and running malware to exploit a user’s PC.
Note that Dell’s SupportAssist is launched with administrative privileges by default. It is something not found on a vast majority of Windows applications. Attackers use this to gain administrative rights on the PCs.
If a Dell user is on a public Wi-Fi network or an enterprise network, an attacker can attack the user PC remotely by being on the same network.
The attacker then can use Address Resolution Protocol spoofing attacks to get access to legitimate IP addresses within a network. Attackers can also perform DNS attacks on the routers, which are more frequent nowadays due to the poor security structures of most of the existing routers.
Update to Latest Dell SupportAssist Version
A 17-year old security researcher Bill Demirkapi discovered the flaw in the Support Assist app and notified Dell a few months ago. Apparently, the company was working on the fix since then and they recently released the version 220.127.116.11 of the application with a patch on the vulnerability.
Those with the previous versions can update the app or can simply remove the administrative permissions to the SupportAssist until they face any issue which can be resolved only by Dell support. Dell customers can also avoid the app to run in the background but we suggest that uninstalling the app would be a safer approach.
This is not the first time Dell has put its customers on risk by giving administrative privileges to the pre-installed applications. Dell’s own network has undergone a data breach recently after Demirkapi reported the vulnerability in the SupportAssist app.