Faulty update mechanism puts millions of Dell devices at risk

Dell has already released remediation to neutralize the threat

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers have discovered four critical vulnerabilities in the pre-boot environment ofDell devicesthat exposes them to remote code execution attacks.

Security vendorEclypsium reportsthat the vulnerabilities inDell’s BIOSConnect tool affect well over a hundred Dell device models including both consumers andbusiness desktops,laptops, andtablets.

BIOSConnect is the firmware updates and remoteoperating systemrecovery tool feature that is part of the SupportAssistsupport toolthat comes bundled with Dell computers.

“Our research has identified a series of four vulnerabilities that would enable a privileged network attacker to gain arbitrary code execution within the BIOS of vulnerable machines,” reads the report from Eclypsium.

Dell has already put out patches tomitigate the vulnerabilities.

Alluring target

According to Threatpostthe bugs allow threat actors to circumvent the Secure Boot protections of the Dell devices, control its boot process, and subvert the operating system and higher-layer security controls.

The core vulnerability involves an insecureTLSconnection between Dell and the BIOS on their devices. The report explains that thanks to the bug, the BIOSConnect TLS connection will accept “any valid wildcard certificate.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This, the researchers note, effectively allows attackers to impersonate Dell and deliver any malicious content to the victim’s device.

The other three vulnerabilities are buffer overflow vulnerabilities, which are enabled by the exploited insecure TLS connection, and allow arbitrary code execution at the BIOS/Unified Extensible Firmware Interface (UEFI) level.

Eclypsium believes that the Dell vulnerabilities show that as vendors increasingly switch to over-the-air update processes, any unaddressed vulnerabilities in the mechanism can have serious consequences.

“This combination of remote exploitability and high privileges will likely make remote update functionality an alluring target for attackers in the future,” Eclypsium concludes

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Mount-It Electric Standing Desk review

One more AMD eGPU docking station goes on sale — but it doesn’t have USB 4.0, can’t accommodate an M.2 SSD and requires an OCuLink connector to feed the RX 7600M XT chip

7 myths about email security everyone should stop believing