Dell has released a patch for laptops and desktops affected by a serious vulnerability that could allow attackers to remotely take control of the machines. This comes after researchers at security firm Eclypsium revealed earlier this month that there were four flaws in the way BIOSConnect, a feature of Dell’s own SupportAssist tool preloaded on Dell machines, works. This is the second time in the past few months that flaws in the firmware update process have surfaced in Dell machines, and the company will also be releasing server-side updates to fix these vulnerabilities. It is believed that as many as 30 million Dell PCs are at risk because of these flaws, including the flagship XPS laptops, Inspiron laptops, Latitude laptops, OptiPlex desktops, the Vostro devices and certain models of the Alienware gaming series.
In the security advisory that Dell has since released, the company says Dell PC users should update the BIOS on their machines immediately, using the ‘Drivers and downloads’ section on the Dell website for their specific model. Users who are unable to update should, for the time being, at least turn off the BIOSConnect option on their PCs: power off the PC, power it on and immediately press the F2 key to enter BIOS setup, then go to Update, Recovery > BIOSConnect > Switch to Off. In the security note, Dell confirms that the affected products include the Alienware m15 R6, Inspiron, OptiPlex, Latitude, Vostro and XPS lines. News18 has reached out to Dell for a statement on the vulnerability and the subsequent fix, and we will update you as soon as we hear back. (Update: Dell’s statement added below)
To put it simply, the biggest problem is with the way the BIOSConnect function in the Dell SupportAssist software checks online for new firmware (BIOS) updates and downloads them for users. In a perfect world, each Dell machine would connect only to Dell’s servers to check for and download the proper firmware file. The Eclypsium research team says they found that BIOSConnect would instead trust any server that could present a digital certificate following the same format as the certificates used on genuine Dell servers. It would then browse that server and attempt to download BIOS updates matching the machine it was running on. This gave an attacker the opportunity to serve malware-laden files in place of genuine updates and gain persistent remote access to the affected PC.
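The defect the article describes is an update client that accepts a server because its certificate looks right rather than because the certificate chains to a trusted CA and names the expected host. The Python below is an added illustration, not Dell’s or Eclypsium’s code: `weak_accepts_server` is a simplified stand-in for format-only acceptance, `weak_update_context` is a TLS client context that never verifies the peer, and `hardened_update_context` is what a firmware-update client should use instead; the hostname and certificate fields are constructed samples.

```python
import ssl

# Constructed sample shaped like ssl.SSLSocket.getpeercert(): a self-signed
# certificate an attacker could mint, whose fields merely resemble a vendor's.
LOOKALIKE_PEERCERT = {
    "subject": ((("commonName", "downloads.example-vendor.com"),),),
    "issuer": ((("commonName", "downloads.example-vendor.com"),),),
    "subjectAltName": (("DNS", "downloads.example-vendor.com"),),
}


def weak_accepts_server(peercert, expected_host):
    """Format-only check (stand-in for the flaw): the name in the certificate
    matches, but nothing proves a trusted CA issued it."""
    names = {v for k, v in peercert.get("subjectAltName", ()) if k == "DNS"}
    return expected_host in names


def weak_update_context():
    """Client context that mirrors the flaw: TLS is used, but the peer
    certificate is neither chain-verified nor matched against the host."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_update_context(cafile=None):
    """Client context an update client should use: chain verification
    (optionally against a pinned vendor CA file), hostname check, TLS 1.2+."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_hardened(ctx):
    """Audit helper: would this client context reject a lookalike server?"""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)
```

Passing a pinned vendor CA as `cafile` narrows trust further than the system store; with the weak context the lookalike certificate above is accepted, with the hardened one the handshake fails before any file is downloaded.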
The researchers also say that for the attack chain to succeed, the attacker would need to be in a position to intercept the affected PC’s network traffic, which is entirely possible on public Wi-Fi networks. “Successfully compromising the BIOS of a device would give an attacker a high degree of control over a device. The attacker could control the process of loading the host operating system and disable protections in order to remain undetected,” the researchers say. They also warn that the attacker would gain the highest access privileges on the affected PC. The 30 million affected Dell PCs span as many as 129 different models, including laptops, desktops and convertible devices.
Update: Dell has shared a statement with News18, and the company says the corrective measures are in place. “Dell remediated multiple vulnerabilities for Dell BIOSConnect and HTTPS Boot features available with some Dell Client platforms. The features will be automatically updated if customers have Dell auto-updates turned on,” the company says. “We encourage customers to review the Dell Security Advisory (DSA-2021-106) for more information, and if auto-updates are not enabled, follow the remediation steps at their earliest convenience,” adds Dell.