Cybersecurity (opens in new tab) researchers have discovered four critical vulnerabilities in the pre-boot environment of Dell devices (opens in new tab) that exposes them to remote code execution attacks.
Security vendor Eclypsium reports (opens in new tab) that the vulnerabilities in Dell's BIOSConnect tool affect well over a hundred Dell device models including both consumers and business desktops (opens in new tab), laptops (opens in new tab), and tablets (opens in new tab).
BIOSConnect is the firmware updates and remote operating system recovery tool feature that is part of the SupportAssist support tool (opens in new tab) that comes bundled with Dell computers.
- These are the best endpoint protection tools (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
- Check our list of the best firewall apps and services (opens in new tab)
“Our research has identified a series of four vulnerabilities that would enable a privileged network attacker to gain arbitrary code execution within the BIOS of vulnerable machines,” reads the report from Eclypsium.
Dell has already put out patches to mitigate the vulnerabilities (opens in new tab).
Alluring target
According to Threatpost (opens in new tab) the bugs allow threat actors to circumvent the Secure Boot protections of the Dell devices, control its boot process, and subvert the operating system and higher-layer security controls.
The core vulnerability involves an insecure TLS (opens in new tab) connection between Dell and the BIOS on their devices. The report explains that thanks to the bug, the BIOSConnect TLS connection will accept "any valid wildcard certificate."
This, the researchers note, effectively allows attackers to impersonate Dell and deliver any malicious content to the victim’s device.
The other three vulnerabilities are buffer overflow vulnerabilities, which are enabled by the exploited insecure TLS connection, and allow arbitrary code execution at the BIOS/Unified Extensible Firmware Interface (UEFI) level.
Eclypsium believes that the Dell vulnerabilities show that as vendors increasingly switch to over-the-air update processes, any unaddressed vulnerabilities in the mechanism can have serious consequences.
“This combination of remote exploitability and high privileges will likely make remote update functionality an alluring target for attackers in the future,” Eclypsium concludes
- Protect your devices with these best antivirus software (opens in new tab)