Posted on June 22, 2019 at 11:07 AM
The ever-lasting game between security researchers and hackers continues with the recent discovery of a major flaw found within the Dell SupportAssist software. The software comes pre-installed on a large number of devices, and its goal is to do regular checks of the health of software and hardware. To do these checks, the SupportAssist software needs to have full access to the system, which gives it permissions to access any part of the device.
As mentioned, this covers software and hardware alike, including the physical memory of devices, their SMBIOS, and more. As such, SupportAssist can also put users in an incredible amount of danger if anyone managed to access it remotely, which is just what the newly discovered vulnerability allows.
A major vulnerability once again puts millions in danger
The flaw was originally discovered by the cybersecurity firm SafeBreach Labs. As part of a program that comes pre-installed on the majority of Dell-branded devices, it is extremely risky, and it is estimated that it endangers over 100 million people.
SafeBreach Labs reported that the flaw comes from a lack of authentication when the system attempts to pull library files from various folders and interact with them. In other words, the program does not try to verify if the libraries are legitimate or not. This would allow skilled hackers to trick it by placing an infected file into a folder that SupportAssist would later try to interact with.
As soon as the file is scanned and activated, the trap would spring, compromising the entire system, and exposing users’ private information. Of course, in order for this to happen, the hacker would first have to trick the user into downloading the malicious file. But, if successful, they would be granted access to the device’s entire system after SupportAssist activates the trap.
This was confirmed by SafeBreach Labs’ security researcher, Peleg Hadar. Hadar noted that the attacker could do whatever they wanted after gaining control of the system. Not only that, but the vulnerability might be affecting a number of different devices.
SupportAssist was made by the PC-Doctor company and has become highly popular among many different brands. Many have also rebranded it while keeping the same vulnerable component. Some of its versions include CORSAIR Diagnostics, Tobii Dynavox Diagnostics Tool, CORSAIR ONE Diagnostics, Staples EasyTech Diagnostics, and others.
Even laptops from brands such as MSI or Acer, which use Tobii and Corsair products, are likely to have the same vulnerability. The same is true for any other device that has been serviced by Staples employees, as they have likely used this piece of software for checking the devices’ health.
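The missing check described above (library files pulled from folders without verifying that they are legitimate), sketched as an added example that is not code from SafeBreach Labs, Dell or PC-Doctor: it audits the folders a program loads from against pinned SHA-256 hashes and resolves only a copy that matches. The file name diag.dll, the folder names, the hash allowlist and the use of POSIX mode bits in place of Windows ACLs are assumptions made for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def audit_library_folders(search_dirs, pinned):
    """Check every pinned library name found in the folders a program loads from.

    search_dirs: folders in the order the program consults them (assumed input).
    pinned: {file name: expected SHA-256}, a hypothetical vendor allowlist.
    """
    findings = []
    for directory in map(Path, search_dirs):
        if not directory.is_dir():
            continue
        # Assumption: POSIX mode bits stand in for a Windows ACL check on the folder.
        loose = bool(directory.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH))
        for name, expected in pinned.items():
            candidate = directory / name
            if candidate.is_file():
                digest = hashlib.sha256(candidate.read_bytes()).hexdigest()
                findings.append({"path": str(candidate), "trusted": digest == expected,
                                 "folder_writable_by_others": loose})
    return findings


def resolve_verified(search_dirs, pinned, name):
    """Return the first copy of name whose hash matches, skipping any that fail."""
    for finding in audit_library_folders(search_dirs, {name: pinned[name]}):
        if finding["trusted"]:
            return finding["path"]
    return None


def demo():
    """Constructed sample: an unexpected copy sits ahead of the genuine library."""
    root = Path(tempfile.mkdtemp())
    early, vendor = root / "user_tools", root / "vendor"
    for folder, mode, body in ((early, 0o777, b"unexpected"), (vendor, 0o755, b"genuine")):
        folder.mkdir()
        folder.chmod(mode)
        (folder / "diag.dll").write_bytes(body)
    pinned = {"diag.dll": hashlib.sha256(b"genuine").hexdigest()}
    return audit_library_folders([early, vendor], pinned), resolve_verified([early, vendor], pinned, "diag.dll")


if __name__ == "__main__":
    print(demo())
```

A finding with "trusted" set to False in a folder that others can write to is the combination worth alerting on, since a loader that skips verification would pick up that copy first.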
The patch is out
The severity of the flaw is massive, and it goes without saying that it could mean a huge danger for millions of people around the world. However, the situation is not as bad as it might seem at first, as Dell reacted very quickly and released a patch that fixes the issues.
The patch went live on May 28th, and it was successfully installed by over 90% of users, according to Dell. However, that still leaves 10% of users exposed, and in danger of having their device compromised. The successful adoption of the patch is the result of automatic updates, which Dell leaves enabled by default.
With that said, there are cases where the automatic updates were either not enabled, or purposefully disabled by users. In these cases, the users are vulnerable, as they might not be aware of the patch, if they don’t regularly check for one. Users who do not remember having their devices updated recently should download and install the patch manually as soon as possible.
Those who might not be sure whether or not their device was patched can install it manually anyway. If the device was already patched, there would be no harm done. If it was not, the device would finally be safe from harm once again. The patch is easily accessible on SupportAssist’s download page.