Dell computers vulnerable to remote control


A vulnerability in the Dell SupportAssist software exposes Dell laptops and PCs to remote attacks that allow hackers to execute code with administrator privileges on devices running an older version of the software.

Dell released a fix for this security issue on April 23. However, many users may remain vulnerable unless they have already updated the software, which is used for debugging, diagnostics, and automatic Dell driver updates.

The number of affected users is considered very high because the SupportAssist tool is one of the pre-installed applications on all Dell laptops and computers. The software is only supplied on devices running Windows; systems sold without an operating system are not affected.

CVE-2019-3719

According to Bill Demirkapi, a 17-year-old US security researcher, the Dell SupportAssist application has a "remote code execution" vulnerability that, under certain circumstances, allows attackers to easily hijack Dell systems.

The attack involves directing users to a malicious web page, where JavaScript can fool the Dell SupportAssist tool into downloading and executing files from an attacker-controlled location.

Because the Dell SupportAssist tool runs with administrator privileges, attackers gain full access to targeted systems if they are able to position themselves correctly to perform this attack.

The attack requires a LAN or router compromise

"The attacker must be on the victim's network to perform an ARP spoofing attack and a DNS spoofing attack on the victim's machine to execute external code," Demirkapi told ZDNet in an email conversation.

It may seem difficult, but it is not as complicated as it sounds.

The attack could work in two cases: public WiFi networks or large corporate networks where at least one infected computer can be used to perform ARP and DNS attacks on Dell systems running the SupportAssist tool.

Another plausible scenario concerns situations where hackers have compromised the user's local WiFi router and are able to tamper with DNS traffic directly on the router.

As we have seen in recent months, hacking routers to hijack DNS traffic is no longer a sophisticated attack and is becoming more common, especially due to the sad state of router security.

The attack does not require user interaction

In addition, the attack does not require user interaction beyond luring users to a malicious page, and the malicious JavaScript code that drives the attack can also be hidden inside iframes on legitimate sites.

As Demirkapi explained to ZDNet, the iframe will point to a subdomain of dell.com, and a DNS spoofing attack from an attacker-controlled computer or router returns an incorrect IP address for the dell.com domain, allowing the attacker to control the files sent to and executed by the SupportAssist tool.

The good news is that Dell has taken the researcher's report seriously and has been working on CVE-2019-3719 for several months, work that ended last week with the release of SupportAssist v3.2.0.90, which Dell users are now advised to install.

Proof-of-concept code to reproduce the attack is available on GitHub, and Demirkapi has also released a demo video that shows how easily an attack can compromise the security of your device. Demirkapi's vulnerability report, with more technical details, is available on the young researcher's blog.

Source: Dell laptops and computers vulnerable to remote hijacks