Posted on May 4, 2019 at 1:17 PM
Bloatware on Windows computers has irked anyone who has ever bought a brand-name PC. It turns out there are people who cheer when a company installs a single program by default on all of its computers: hackers, who have been having a field day with Dell laptops and desktops that come pre-installed with Windows.
The vulnerability was found by Bill Demirkapi and was shared via GitHub. A patch fixing the flaw was released on the 23rd of April, but everyone who has the app installed has been at risk for quite a while and should take steps to confirm that their computer has not been infected with malware. The bug allows an attacker to gain admin privileges on a machine and to execute code that lets them take over its operation.
The only Dell customers not affected are those who buy a Dell computer without Windows installed. Anyone running a Dell system that has had SupportAssist installed is potentially affected, though Dell does not have an exact number of machines that were hacked and probably never will. It will likely be up to the users to find out whether they have been infiltrated.
How the Attack works
Dell’s SupportAssist app does a variety of jobs. It provides automatic driver updates and performs debugging and diagnostics on a machine so that support staff can assist the user with any problems they are experiencing. The problem lies with the debugging side, as those tools generally have deeper access to the system than ordinary software. That gives an attacker who knows an exploit for debugging software of this kind a path to full remote control of the system.
The vulnerability is exploited in the most traditional way possible: first, the attackers have to get the user to a website that tricks the app into installing malware, which is then used to infiltrate the computer further. The SupportAssist app runs with admin privileges at all times, something the vast majority of Windows applications avoid for this very reason. Running that way hands attackers a free pass to total control as soon as they find a vulnerability in the software.
There is another way an attacker can exploit the app remotely, and that is via a public Wi-Fi network. It does not matter whether it is an enterprise network or a coffee-shop Wi-Fi; the result is the same so long as the app has access to a network that is not secured.
Upgrade to the latest SupportAssist immediately
The security researcher who found the flaws is 17-year-old Bill Demirkapi, who notified Dell of the issue a few months previously. Dell has been working since then to fix the issue while preserving the usefulness of the app. The vulnerability has been patched in version 220.127.116.11, and Dell recommends that everyone update to the latest version.
The difference, in this case, is that the app will not use administrative privileges until the user gives consent, which means you should be very careful when answering any prompt shown by the SupportAssist app. Such a prompt should really only appear when you are working with Dell Support on a problem with your system.
Ironically, a few weeks after Demirkapi notified Dell, the company suffered a massive breach of its own computer network. It is unknown whether the two incidents are related, and many in the industry see no reason for them to have anything to do with one another. That would change only if the computers used by Dell Support had the same program installed with the same vulnerabilities. In an age when security breaches happen with ever greater frequency, it would be truly ironic if that were the case.
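To act on the advice above, an administrator first needs to know which SupportAssist build each machine actually carries. The following PowerShell script is an added example, not code from the article or from Dell; it assumes the app registers under the standard Windows Uninstall registry keys with a DisplayName containing "SupportAssist", and the caller supplies the fixed version that Dell lists for their fleet.

```powershell
# Added example (not from the article or from Dell): report whether the installed
# Dell SupportAssist build is older than a given patched version.
# Assumptions: SupportAssist appears under the standard Uninstall keys with a
# DisplayName containing "SupportAssist" (hypothetical match string); pass the
# version Dell lists as fixed via -MinimumVersion.
param(
    [Parameter(Mandatory = $true)]
    [version]$MinimumVersion
)

# Both native and 32-bit-on-64-bit install locations are checked.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SupportAssist*' } |
    Select-Object DisplayName, DisplayVersion, InstallDate

if (-not $found) {
    Write-Output 'SupportAssist not registered on this host; nothing to update.'
    return
}

foreach ($app in $found) {
    $installed = $null
    # Version strings that do not parse are flagged rather than silently passed.
    if ([version]::TryParse($app.DisplayVersion, [ref]$installed)) {
        $status = if ($installed -lt $MinimumVersion) { 'OUTDATED - update now' }
                  else { 'at or above patched version' }
    } else {
        $status = 'unparseable version string - verify manually'
    }
    Write-Output ('{0} {1} (installed {2}): {3}' -f $app.DisplayName,
        $app.DisplayVersion, $app.InstallDate, $status)
}
```

Run it from an elevated prompt as `.\Check-SupportAssist.ps1 -MinimumVersion <fixed build>`; the same loop can be pushed to a fleet with your existing remote-execution tooling.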