Dell computers at risk, run to update Dell SupportAssist!

Who I am
Martí Micolau
@martimicolau

The attack consists of redirecting the user to a malicious page, where JavaScript code can trick Dell SupportAssist into downloading and launching files from a location controlled by the attacker. Since the software runs with administrative privileges, an attacker who manages to get into the right position to perform this attack will have full access to the system.


To complete the intrusion, the attacker has to get onto the victim's network and carry out an ARP and DNS spoofing attack against the victim's PC in order to execute the code remotely.

Although it may seem an unlikely scenario, cases in recent months have shown how simple it can actually be to break the security of a router, especially on public or corporate networks where it is easier to find a compromised PC, as Demirkapi explained to ZDNet.


The most troubling element of the whole affair is that the attack requires no action from the user other than visiting the malicious web page. The problem is that the malicious page can be embedded in a secure web page (via advertising iframes, for example). In this case, the JavaScript code was hidden in a subdomain of dell.com.


Either way, Dell acted immediately to fix the problem: last week it released a new software version (v3.2.0.90) that fixes the vulnerability, so we highly recommend installing it if you have a Dell system.
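
To check whether a machine still runs a build older than the fixed v3.2.0.90, the following PowerShell audit can be used. It is an added example, not code from the original article or from Dell, and it assumes the product's uninstall entry has a display name containing "SupportAssist".

```powershell
# Added example: flag Dell SupportAssist builds older than the fixed version
# named in the article (3.2.0.90).
# Assumption: the uninstall entry's DisplayName contains "SupportAssist".
$FixedVersion = [version]'3.2.0.90'

# Check both registry views: 64-bit and 32-bit (WOW6432Node) uninstall entries.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SupportAssistStatus {
    param([version]$MinimumVersion = $FixedVersion)

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*SupportAssist*' } |
        ForEach-Object {
            $parsed = $null
            # DisplayVersion can be missing or malformed: report "Unknown", never "Patched".
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
            $status = if (-not $ok) { 'Unknown' } elseif ($parsed -lt $MinimumVersion) { 'Vulnerable' } else { 'Patched' }

            [pscustomobject]@{
                ComputerName = $env:COMPUTERNAME
                DisplayName  = $_.DisplayName
                Version      = $_.DisplayVersion
                Status       = $status
            }
        }
}

$results = @(Get-SupportAssistStatus)
if ($results.Count -eq 0) {
    Write-Output 'Dell SupportAssist not found in the uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
    # A non-zero exit code lets a management tool flag hosts that still need the update.
    if ($results.Status -contains 'Vulnerable' -or $results.Status -contains 'Unknown') { exit 1 }
}
```

Run it from an elevated or standard PowerShell prompt on the Dell machine; any row marked `Vulnerable` or `Unknown` means the update should be installed or the installed version verified by hand.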


