The Dell SupportAssist Flaw Actually Affects More Devices Than Just Dell's
Dell is among the top three companies globally in terms of laptop market share. Despite that, it appears to have an Achilles' Heel in its own security and support software. Barring the irony, Dell SupportAssist has been exposed to critical vulnerabilities previously too, but thankfully, none of these have been escalated to a widespread disaster.
The latest vulnerability, discovered by US-based cybersecurity firm SafeBreach, reveals a code glitch that allowed attackers system-level privilege to systems installed with Dell SupportAssist. This is the second time in as many months that Dell has had to issue an immediate patch with critical urgency for a vulnerability in the SupportAssist software. However, unlike the previous flaw that required an attacker to be on the same internet network as the user, this one can be misused from anywhere in the world.
Speaking to News18, Peleg Hadar, cybersecurity researcher at SafeBreach, said, "Both (the flaws) are delivered and pre-installed with Dell’s SupportAssist, but these are different regions of code. (With this), an attacker can drop a file to the vulnerable folder using methods such as drive-by download or social engineering, then it will be loaded and executed by the vulnerable software."
The flaw allowed loading of malicious, unsigned DLL files on to a laptop or PC, hence giving remote access that could be used to steal financial data or private photographs, alongside installing surveillance tools or ransomware. The glitch, however, appears to have originated with PC-Doctor, a third party licensed by Dell to build its security software. In fact, PC-Doctor also happens to supply software that is pre-loaded as drivers or security software by multiple OEMs across the world, the full list of which remains undisclosed to public. This essentially means that the vulnerability will have affected more than just Dell PCs preinstalled with the SupportAssist software, thereby increasing the possibility of affected devices to a much higher number.
In its official blog post announcing the discovery, Peleg Hadar, cybersecurity researcher at SafeBreach, reveals that the list of affected software also include PC-Doctor Toolbox for Windows (its self-labelled third party tool that can be downloaded by users), and firmware for accessories made by Tobii and Corsair. It is not clear if patches from the respective OEMs are already out, but given that the data is now public, one can expect a patch to have been released already.
Given that the names of other OEMs have not been discovered, it is wise for any laptop user to ensure that all system updates are installed on their PCs, even if ancillary updates are delayed. The issue has also affected software for accessories and components, which further escalates the count of affected users to hundreds of millions.