The attack works by first sending users to a malicious web page, which Dell’s SupportAssist is then tricked into downloading and running malware on the users’ PCs. He posted a full vulnerability report on his Github and a demo video of the attack. H/T to Bill Demirkapi, a 17-year old security researcher who discovered the SupportAssist app vulnerability and notified Dell about the bug a few months ago. It’s a truly proactive and preempting support solution that predicts the solution required by a device and offers resolution for problems that have not even surfaced. It helps prevent downtime before it has even begun by evaluating and monitoring device health along with the health of the servers and storage devices. In fact it’s the first automated solution that offers proactive and predictive support for a device. What is SupportAssist?ĭell’s SupportAssist is an automated support solution for Dell personal computers, tablets, storage devices, servers, and networking devices. Devices that the company sells without Windows are not affected, since the app doesn’t come pre-installed. The vulnerability has been known since October last year, but a patch was just released on April 23 rd, 2019. Anyone who still has it running would be vulnerable to this kind of attack and needs to update their application right away or uninstall the Dell SupportAssist application completely. The exact number of affected end-users has not been released, but the SupportAssist application comes preloaded on all new Windows computers. Many new Dell computers running Windows will come pre-installed with SupportAssist, which according to Dell’s website “provides automated, proactive and predictive technology that reduces troubleshooting steps and speeds up your resolution time.” The only problem with this time-saving support is that it’s also giving hackers admin privileges to your device. Flaw in Dell’s SupportAssist: The Help that Hurts
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |