Millions of Dell And Other Brand PCs Vulnerable To System Hijack Security Flaw In 3rd Party Software
Some laptop and desktop consumers may want to double-check that they have recently updated their devices. It was discovered that millions of Dell PCs as well as other brands could be vulnerable to hackers. The security flaw was caused by a 3rd party software package and affected Dell’s SupportAssist software, as well other rebranded versions of this particular software that Dell and other brands employ.
The Dell SupportAssist software is pre-installed on devices and is intended to “proactively checks the health of your system’s hardware and software.” Since SupportAssist runs health checks on a device, it has unfettered access to the system. SupportAssist is able to access hardware such as the device’s physical memory, PCIe, and SMBios. The vulnerability is caused by a Dynamic Link Library or DLL glitch. DLLs are a library of executable functions that are used by a Windows application. Programs like SupportAssist load DLL files when they start up. This particular program does not confirm whether or not the DLL has been signed and would therefore automatically load any unsigned DLL.
A hacker could potentially exploit the vulnerability by persuading the user to download malicious files. The hacker would then have access to the device as SYSTEM and anything controlled by the software. According to Peleg Hadar, a SafeBreach Labs security researcher, “After an attacker exploits the flaw he gains execution as SYSTEM within a signed service, basically he can do whatever he wants...”
To add insult to injury, this vulnerability could potentially affect a wide variety of devices. The vulnerable SupportAssist component was created by the PC-Doctor company. The software has been rebranded multiple times with the same component. Versions include CORSAIR ONE Diagnostics, CORSAIR Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool, and Tobii Dynavox Diagnostic Tool. This means that Corsair products, devices that incorporate Tobii eye tracking technology, such as Acer and MSI laptops, and devices that have been fixed Staples employees, have been affected by this vulnerability.
Thankfully, a patch has been issued to all affected devices, including devices with rebranded versions of SupportAssist. The vulnerability was discovered in April and the patch was released at the end of May. Dell recently reported that over 90% of their customers have received the patch. It is currently unclear how many other devices have since been patched. Dell customers can download the latest version of SupportAssist here for their systems. Another Dell SupportAssist vulnerability was discovered and patched earlier this year. Hackers could have potentially used ARP Spoofing and DNS Spoofing attacks to lead users to an incorrect IP address and download malicious files. Like the most recent vulnerability, hackers would have been able to thoroughly infiltrate the device. Thankfully, there were no reported attacks and very few users were vulnerable.
The Dell SupportAssist software is pre-installed on devices and is intended to “proactively checks the health of your system’s hardware and software.” Since SupportAssist runs health checks on a device, it has unfettered access to the system. SupportAssist is able to access hardware such as the device’s physical memory, PCIe, and SMBios. The vulnerability is caused by a Dynamic Link Library or DLL glitch. DLLs are a library of executable functions that are used by a Windows application. Programs like SupportAssist load DLL files when they start up. This particular program does not confirm whether or not the DLL has been signed and would therefore automatically load any unsigned DLL.
A hacker could potentially exploit the vulnerability by persuading the user to download malicious files. The hacker would then have access to the device as SYSTEM and anything controlled by the software. According to Peleg Hadar, a SafeBreach Labs security researcher, “After an attacker exploits the flaw he gains execution as SYSTEM within a signed service, basically he can do whatever he wants...”
To add insult to injury, this vulnerability could potentially affect a wide variety of devices. The vulnerable SupportAssist component was created by the PC-Doctor company. The software has been rebranded multiple times with the same component. Versions include CORSAIR ONE Diagnostics, CORSAIR Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool, and Tobii Dynavox Diagnostic Tool. This means that Corsair products, devices that incorporate Tobii eye tracking technology, such as Acer and MSI laptops, and devices that have been fixed Staples employees, have been affected by this vulnerability.
Thankfully, a patch has been issued to all affected devices, including devices with rebranded versions of SupportAssist. The vulnerability was discovered in April and the patch was released at the end of May. Dell recently reported that over 90% of their customers have received the patch. It is currently unclear how many other devices have since been patched. Dell customers can download the latest version of SupportAssist here for their systems. Another Dell SupportAssist vulnerability was discovered and patched earlier this year. Hackers could have potentially used ARP Spoofing and DNS Spoofing attacks to lead users to an incorrect IP address and download malicious files. Like the most recent vulnerability, hackers would have been able to thoroughly infiltrate the device. Thankfully, there were no reported attacks and very few users were vulnerable.
