Dell Laptops and PCs Vulnerable To Remote Hijacks (zdnet.com)
A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users' systems. From a report: Dell has released a patch for this security flaw on April 23; however, many users are likely to remain vulnerable unless they've already updated the tool -- which is used for debugging, diagnostics, and Dell drivers auto-updates. The number of impacted users is believed to be very high, as the SupportAssist tool is one of the apps that Dell will pre-install on all Dell laptops and computers the company ships with a running Windows OS (systems sold without an OS are not impacted). According to Bill Demirkapi, a 17-year-old security researcher from the US, the Dell SupportAssist app is vulnerable to a "remote code execution" vulnerability that under certain circumstances can allow attackers an easy way to hijack Dell systems.
Re: Read the whole article (Score:1)
Re: (Score:1)
Please point out the bit where he suggested "there is no point in using the former".
Re: (Score:1)
Yes he did imply that but at no point did he express a preference for one OS over another or say anything along the lines of there being no point in using Linux over Windows from a security point of view.
He simply made a cautionary statement stating that you shouldn't assume you're safe just because you don't use Windows, which is good advice.
Not as serious as it is made out to be (Score:5, Informative)
"The attack relies on luring users on a malicious web page, where JavaScript code can trick the Dell SupportAssist tool into downloading and running files from an attacker-controlled location."
AND
"The attacker needs to be on the victim's network in order to perform an ARP Spoofing Attack and a DNS Spoofing Attack on the victim's machine in order to achieve remote code execution"
Turns Router Compromise into Total Fail (Score:1)
So a compromised router becomes a backdoor into every machine?...
I see you're minimizing the attack here, but these backdoors have long been an issue.... HP and Dell putting in remote assistance as default, regardless of whether you're contracted in, is no different than Huawei having a backdoor support mechanism.
A compromised router is the norm these days, all of the big ISPs have their backdoor accounts to maintain their routers.
Yet Mirai/Reaper botnets exist (Score:5, Informative)
All the prerequisites for performing the attack are had by anyone capable of creating an IoT botnet.
Do you know anyone with a Dell and any of the following:
How many people do you know put their IoT device on a completely different VLAN or guest network than they connect their Dell to?
Several IoT devices have apps for Windows that only work if both the IoT device and laptop are on the same network.
Attack requiring local network access does not provide the level of protection that you seem to think it does. This is also an unwarranted risk.
What is really upsetting is Dell has been warned about this type of issue with their updaters [duo.com] before. Previous to that warning, Jeff Clarke promised [youtube.com] Dell would put their full attention to prevent these types of security issues with their pre-installed software in the future.
While Dell has stated they will be more proactive about their security policies, the truth is they keep performing the same mistakes over and over again, resulting in reactionary after-the-fact fixes such as this one.
Re: (Score:3)
How many laptops do Dell sell?
How many of these laptops are carried around and connected to public wifi networks?
Quite easy to perform this kind of attack if both you and the victim are connected to the same wifi...
Re: (Score:2)
You are missing the point. Huawei is run by an authoritarian government and all bugs are deliberate backdoors designed to steal Western trade secrets! Buying a Huawei is basically inviting the Chinese Communist Party into your business!
Oh wait, it's Dell... Well, I guess we better ban US products too.
Re: (Score:2)
All of which can be done pretty easily with a fake hotspot.
So, wait (Score:5, Funny)
To do this, you have to be on the local network and trick the person into visiting a specially crafted web page?
At that point it would be a shitton easier to just beat the nerd up and get his password, which is probably Anime11 anyway
Re: (Score:1)
Fuck your iphone. Starbucks is not a coffee shop. It's an upscale cafe where like-minded anti-plebs can enjoy their bespoke latte in peace from the unwashed masses.
Re: (Score:2)
I suggest you get a red team from a competent company, you will be surprised how easily they manage to tunnel malicious traffic through zscaler...
Re: (Score:2)
End users' machines are typically what's used to access things like fileservers; if you get access to the right user machine you get access to the files they have access to...
Malware doesn't need to communicate with the internet to do malicious things, it could just as easily copy data from the fileserver onto the laptop and wait until the laptop is reconnected to that user's home network before transmitting the data back to the attacker.
Don't overestimate the effectiveness of zscaler, unless you are very str
Re: (Score:2)
I can think of two easy ways to exploit this:
Backdoors (Score:1)
oh.. it's not a Chinese company. Nothing to see here.
Why aren't we spinning this? (Score:1)
into "Dell inserted back doors into computer equipment for years" the way we do when a security vulnerability is found in Huawei equipment? Is it possible that the government and media are working very hard at making _foreign_ manufacturers of computer equipment seem dangerous and bad? Could it be that there is a lot of lying and false accusations?
Remote support tools (Score:2)
Equals remote backdoor. It's that simple.
BTW, I run Linux (Mint) on my Dell Precision m4800 connected to a 34" ultrawide monitor: in addition to being safe from this kind of stuff, my machine is REALLY fast even though I bought it in October 2014 (I'm a software engineer/developer using Java mostly, Docker, a VM with "vanilla" Windows 7 if my client required it, ...).
I don't know what will be my next laptop (tired of reading about all the backdoors installed by all major laptop vendors). I can't buy a System76, Purism Libre
Re: (Score:1, Funny)
It's ok, you have universal healthcare up there. Just explain why they're gone, get in line, and you'll get some replacement legs soon. To upgrade to Bear Arms, though, you may have to travel to America and pay extra.
This again? (Score:2)
From TFA:
ATTACK REQUIRES LAN/ROUTER COMPROMISE
Can we just stop with the hype over attacks that require something else be compromised first?
Just silly. In this day and age, everyone has a router (firewall) between their machine and the world. If you gotta break that to break something else, I think that something else is probably not an issue.
Just stop. Find some real security issues.
Use Command | Update instead of SupportAssist (Score:1)
not on my dell computers (Score:2)
I have two; the first time I turned them on, I had Linux Mint in the drive to install :-)