Researchers already know in order to Years on safety issues Use basic computer code called firmware.It often Full of loopholes, It’s hard to update with patches, and it’s getting Real-world targetsNow, due to four basic errors, a well-intentioned mechanism for easily updating the firmware of Dell computers is itself vulnerable to attack.with These vulnerabilities Can be used to gain full access to the target device.
This New discovery Researchers from the security company Eclypsium have affected 128 of the latest models of Dell computers, including desktops, laptops and tablets.Researchers estimate that these vulnerabilities have exposed a total of 30 million devices, and these vulnerabilities even include Microsoft’s Secured-core PC protection-a purpose-built system To reduce firmware vulnerabilities. Dell today released patches for these vulnerabilities.
“These vulnerabilities are easy to exploit. Eclypsium’s principal analyst Jesse Michael said that this is essentially like going back in time, almost like going back to the 90s. “The industry has implemented everything in application and operating system-level code. These mature security features, but they do not follow the best practices of the new firmware security features. “
These vulnerabilities appear in a Dell feature called BIOSConnect, which allows users to easily or even automatically download firmware updates. BIOSConnect is part of a broader Dell update and remote operating system management feature called SupportAssist, which has its own share Potential problems and vulnerabilities. The update mechanism is valuable the goal For attackers, because they may be infected to distribute malware.
The four vulnerabilities discovered by the researchers in BIOSConnect do not allow hackers to implant malicious Dell firmware updates to all users at once. However, they can be used to individually target the victim device and easily gain remote control of the firmware. Destroying the device’s firmware can give an attacker complete control of the machine, because the firmware coordinates the hardware and software and runs as the predecessor of the computer’s operating system and applications.
“This is an attack that allows the attacker to directly enter the BIOS,” said Eclypsium researcher Scott Scheferman, the basic firmware used during the boot process. “The attack happened before the operating system started and realized what was happening. For attackers who want persistence, this is a set of evasive, powerful and ideal vulnerabilities.”
An important caveat is that attackers cannot directly exploit the four BIOSConnect vulnerabilities on the open Internet. They need to gain a foothold in the internal network of the victim device. But the researchers emphasize that ease of use and lack of monitoring or logging at the firmware level will make these vulnerabilities attractive to hackers. Once an attacker destroys the firmware, they are likely to remain undetected in the target network for a long time.
Eclypsium researchers disclosed these vulnerabilities to Dell on March 3. They will announce their findings at the Defcon Security Conference in Las Vegas in early August.
“Dell has fixed multiple vulnerabilities in the Dell BIOSConnect and HTTPS boot functions provided by some Dell client platforms,” the company said in a statement. “If the customer has Dell automatic update is turned on. If not, the company stated that customers should manually install the patch “as soon as possible.”
However, Eclypsium researchers warn that this is an update that you might not want to download automatically.Since BIOSConnect itself is a vulnerable mechanism, the safest way to obtain updates is to navigate to Dell’s Drivers and downloads Website and manually download and install updates from there. However, for ordinary users, the best way is to update your Dell as quickly as possible.