Dell SupportAssist App Is Leaving Customer PCs Vulnerable To Remote Attacks
Another day, another device vulnerability. It was recently discovered that hackers are able to remotely execute code with admin privileges through a Dell SupportAssist utility vulnerability. It is believed that a “high number” of users could be impacted.
American security researcher Bill Demirkapi discovered the vulnerability. The vulnerability affects users who use non-updated versions of the Dell SupportAssist tool. This tool comes pre-installed on Dell devices alongside Windows OS.
The hackers use a ARP Spoofing and a DNS Spoofing attack. The attackers lead users to a subdomain of dell.com. Once users have reached the site, the DNS Spoofing attack will return an “incorrect” IP address. The hackers then use JavaScript to convince the Dell SupportAssist tool to download and run malicious files. The Dell SupportAssist tool runs as an admin, which allows the hackers to fully access the infiltrated device.
According to Demirkapi, “the attacker needs to be on the victim's network in order to perform an ARP Spoofing Attack and a DNS Spoofing Attack on the victim's machine.” Unfortunately, this scenario is quite plausible. The hackers could potentially access other Dell devices through a public WiFi network, if there is at least one compromised device on the network. The attackers could also potentially gain access to a enterprise network or hack a user’s personal WiFi router.
Dell has thankfully released a patch for this vulnerability. Users will need to install SupportAssist v3.2.0.90 to receive the patch. Although there have been no reports of an attack, it is better to install the patch then wait for your device to be hacked.
The vulnerability patch coincides with Dell’s announcement of their Azure VMware Solutions collaboration with Microsoft. Users now be able to manage VMware workloads on Azure. Dell CEO Michael Dell and VMware CEO Pat Gelsinger remarked that organizations can now “tap into Azure’s massive scale, security, and fast provisioning cycles to innovate and modernize applications while improving performance.” Hybrid cloud networks have become increasingly popular, because companies now very rarely use only one service for their infrastructure. It appears that Dell is taking the security of both their own products and their collaborations quite seriously.
American security researcher Bill Demirkapi discovered the vulnerability. The vulnerability affects users who use non-updated versions of the Dell SupportAssist tool. This tool comes pre-installed on Dell devices alongside Windows OS.
The hackers use a ARP Spoofing and a DNS Spoofing attack. The attackers lead users to a subdomain of dell.com. Once users have reached the site, the DNS Spoofing attack will return an “incorrect” IP address. The hackers then use JavaScript to convince the Dell SupportAssist tool to download and run malicious files. The Dell SupportAssist tool runs as an admin, which allows the hackers to fully access the infiltrated device.
According to Demirkapi, “the attacker needs to be on the victim's network in order to perform an ARP Spoofing Attack and a DNS Spoofing Attack on the victim's machine.” Unfortunately, this scenario is quite plausible. The hackers could potentially access other Dell devices through a public WiFi network, if there is at least one compromised device on the network. The attackers could also potentially gain access to a enterprise network or hack a user’s personal WiFi router.
Dell has thankfully released a patch for this vulnerability. Users will need to install SupportAssist v3.2.0.90 to receive the patch. Although there have been no reports of an attack, it is better to install the patch then wait for your device to be hacked.
The vulnerability patch coincides with Dell’s announcement of their Azure VMware Solutions collaboration with Microsoft. Users now be able to manage VMware workloads on Azure. Dell CEO Michael Dell and VMware CEO Pat Gelsinger remarked that organizations can now “tap into Azure’s massive scale, security, and fast provisioning cycles to innovate and modernize applications while improving performance.” Hybrid cloud networks have become increasingly popular, because companies now very rarely use only one service for their infrastructure. It appears that Dell is taking the security of both their own products and their collaborations quite seriously.
