Researchers have long known about security issues with the basic computer code known as firmware. It is commonly full of vulnerabilities, it is difficult to update with patches, and it is more and more often the target of real-world attacks. Now a well-intentioned mechanism for easily updating the firmware of Dell computers is itself vulnerable as a result of four basic bugs. And these vulnerabilities can be used to gain full access to target devices.
The new findings from researchers at the security firm Eclypsium affect 128 of Dell’s latest computer models, including desktops, laptops and tablets. The researchers estimate that a total of 30 million devices are exposed to the vulnerabilities, and the exploits even work on models that include Microsoft Protected Core Computer, a system specially built to reduce firmware vulnerabilities. Dell is releasing patches for the flaws today.
“These vulnerabilities are easy to exploit. It’s basically like a trip to the past, it’s almost like the nineties,” says Jesse Michael, chief analyst at Eclypsium. “The industry has achieved all this maturity of security features in code at the application and operating system level, but it is not following best practice in new firmware security features.”
The vulnerabilities appear in a Dell feature called BIOSConnect, which allows users to easily, and even automatically, download firmware updates. BIOSConnect is part of Dell’s broader remote operating system update and management feature called SupportAssist, which has had its own share of potentially problematic vulnerabilities. Update mechanisms are valuable targets for attackers because they can be tainted to distribute malware.
The four vulnerabilities the researchers discovered in BIOSConnect do not allow hackers to install malicious Dell firmware updates at once. They could, however, be used to individually target a victim’s device and easily gain remote control of its firmware. Compromising a device’s firmware can give attackers complete control over the computer, because the firmware coordinates hardware and software and runs as a precursor to the computer’s operating system and applications.
“This is an attack that allows an attacker to go directly to the BIOS,” the basic firmware used in the boot process, says Eclypsium researcher Scott Scheferman. “Before the operating system even started and was aware of what was happening, the attack had already happened. It is an avoidable, powerful and desirable set of vulnerabilities for an attacker who wants persistence.”
One important caveat is that attackers could not directly exploit the four BIOSConnect bugs from the open Internet. They would need a foothold in the internal network of the victim devices. But the researchers point out that the ease of exploitation and the lack of monitoring or logging at the firmware level would make these vulnerabilities attractive to hackers. Once attackers have compromised the firmware, they are likely to remain undetected in the target networks for a long time.
Eclypsium researchers discovered Dell’s vulnerabilities on March 3rd. The findings will be presented at the Defcon security conference in Las Vegas in early August.
“Dell has fixed multiple vulnerabilities for the Dell BIOSConnect and HTTPS Boot features available on some Dell Client platforms,” the company said in a statement. “Features will be updated automatically if users have Dell’s automatic updates included.” If not, the company says customers should manually install the patches “as soon as possible.”
Eclypsium researchers warn that this is one update you may not want to download automatically. Since BIOSConnect itself is the vulnerable mechanism, the safest way to get the updates is to navigate to Dell’s Drivers and Downloads page and download and install the updates manually from there. For the average user, though, the best approach is simply to update your Dell however you can, as quickly as possible.