Researchers at Eclypsium have discovered that Dell’s remote BIOS upgrade software suffers from a serious vulnerability that can allow attackers to hijack BIOS download requests and use modified files to stage a takeover of the startup processes. Dell SupportAssist which comes preinstalled on most Dell systems has a feature called BIOSConnect which allows for remote firmware updates and OS recovery features.
The vulnerability affecting BIOSConnect affects 129 different models of Dell laptops, AIOs, and pre-builts, putting a total of 30 million devices at risk. It uses an insecure TLS connection to connect to Dell servers and can be exploited in three different ways.
Eclypsium believes that two of the vulnerabilities affect the system recovery process, while the third one affects the firmware update process. These three are independent of each other, and each one will cause the malicious code in the BIOS to be executed. Users are recommended to update the BIOS firmware manually and refrain from using the BIOSConnect feature.
Via: Bleeping Computer
