Did you know that your Dell laptop might have a vulnerability that would allow any hacker to gain remote access to your laptop?
Yes, your laptop could be at risk, and that is because of 4 mistakes in how the BIOS operates in Dell’s SupportAssist tool. This flaw was brought to light by a security firm known as Eclypsium.
Oh, and the tool comes pre-installed on the laptop, which means there’s nothing you could have done about it.
And it’s the second time problems with the firmware update process have been highlighted. To fix this, Dell released server-side updates.
But the new issue seems to be even bigger and affects over 30 million laptops, including some of their most popular laptop series such as the Dell XPS, Dell Inspiron, Vostro, and Latitude.
Even Alienware gaming laptops are at risk.
According to Dell, the users of these laptops need to update the BIOS via the Drivers and Downloads section on the official Dell website. Just make sure you are downloading the right files based on your model.
And in case you aren’t able to update, it would be best to turn off the BIOSConnect feature. For this, hit the F2 button as your laptop powers on. Then press Update, Recovery > BIOSConnect > Switch to Off.
A Little More Detail About the Flaw
The problem is simple to understand. Whenever you update the firmware using BIOSConnect, it should connect to Dell’s servers, check for updates, and download them.
But the security company Eclypsium found that it connects to pretty much any server that has a digital authentication certificate with the same format as those on the Dell servers.
Then it downloads and installs the updates based on the system you have. A perfect scenario for hackers, isn’t it: just upload a few malicious files and gain control of your laptop?
Once in the system, the hacker can control loading of the OS, disable the antivirus, and so on. There are over 128 models at risk of this.
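The difference between a certificate that merely looks right and one that proves the server's identity, as a simplified model added here; it is not Dell's or Eclypsium's code. The certificate fields, the CA name, the host names and both check functions are constructed assumptions for illustration.

```python
# Constructed model: certificates are plain dicts, not real X.509 objects.
TRUSTED_ISSUERS = {"Example Public CA"}        # hypothetical trust store
EXPECTED_HOST = "downloads.vendor.example"     # hypothetical update host


def looks_right(cert):
    """Weak check: accepts any well-formed certificate from a trusted CA,
    without asking who the certificate was issued to."""
    return (
        cert.get("issuer") in TRUSTED_ISSUERS
        and bool(cert.get("names"))
        and not cert.get("expired", False)
    )


def name_matches(pattern, host):
    """Compare one certificate name with a host name.
    A '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def is_update_server(cert, host=EXPECTED_HOST):
    """Stricter check: the certificate must also name the host we meant to reach."""
    return looks_right(cert) and any(name_matches(n, host) for n in cert["names"])


def should_install(cert, check):
    """Decide whether an update offered under this certificate gets installed."""
    return "install" if check(cert) else "reject"


# Constructed sample certificates: same issuer and layout, different owners.
GENUINE = {"issuer": "Example Public CA", "names": ["downloads.vendor.example"]}
LOOKALIKE = {"issuer": "Example Public CA", "names": ["shop.other-site.example"]}

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(label, should_install(cert, looks_right),
              should_install(cert, is_update_server))
```

Under the weak check both certificates lead to an install; only the check that ties the certificate to the expected host rejects the lookalike.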
Thankfully, Dell has released a statement saying they have taken corrective measures and that if users have auto-update turned on, the update will install automatically.
If you haven’t taken corrective measures, make sure you do. Also, don’t forget to check out the Dell Security Advisory (DSA-2021-106) for more details on this.
In case you don’t have auto-updates on, make sure you take the steps manually to avoid complications like loss of data, etc.