
30 million Dell computers at risk from BIOS Connect flaw

A bug has recently been found in BIOS Connect, a SupportAssist feature that Dell pre-installs on its computers and that allows the BIOS to be updated automatically and remotely. Experts have found that it can be easily exploited on 129 different models.

A team of engineers at Eclypsium, Inc. has found four vulnerabilities in the BIOS Connect feature within Dell SupportAssist. They published their findings on their website, where they rated the vulnerability as High.

30 million computers affected by BIOS Connect

The company began installing a BIOS-based application called SupportAssist, which allows Dell technicians to help users remotely. Dell also pre-installs another BIOS application called BIOS Connect, which allows the company to update the BIOS. The Eclypsium team found a vulnerability in the security chain that could allow an attacker to access a computer's boot process and load malware.

Eclypsium informed Dell of the issues it had found last March, and Dell quickly issued a security advisory to its customers and set to work on fixes. Two of the fixes were completed and applied on the server side; the other two, once completed, were posted to Dell's cloud site. Those fixes are now available to affected customers, while those who have Dell's Automatic Updates turned on need not worry, as the fixes have likely already been applied.

The vulnerability involved 129 different Dell devices, from laptops to tablets. It is estimated to have affected approximately 30 million devices worldwide. One of the vulnerabilities involved the connection used for BIOS updates between the computer and Dell's servers, and could allow an adversary to redirect a computer that is being updated to a different machine. The other three vulnerabilities were listed as overflow vulnerabilities.

According to Eclypsium, any attack aimed at exploiting the vulnerability would have to involve redirecting users' computers, making the likelihood of an attack on individual users very remote. In any case, if you need the patch that fixes the BIOS Connect security flaw, Dell already has an official patch on their website.

Benjamin Rosa

Madrileño whose publishing career began in 2009. I love investigating curiosities that I later bring to you, readers, in articles. I studied photography, a skill that I use to create humorous photomontages.
