Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Eclypsium: BIOSConnect Flaws Haunt Millions of Dell Computers

Security researchers at Eclypsium have figured out a way to exploit a set of high-severity vulnerabilities that expose millions of Dell computers to stealthy hacker attacks.

Security researchers at Eclypsium have figured out a way to exploit a set of high-severity vulnerabilities that expose millions of Dell computers to stealthy hacker attacks.

Eclypsium, a U.S. company that addresses firmware security threats, said the issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices that use Microsoft’s new Secured-core PC protections.

The company published a technical report to document the discovery, which affects an estimated 30 million Dell computer devices.  Separately, Dell released software fixes alongside a warning that this should be treated as a high-impact issue.

In all, Dell shipped patches for at least four documented CVEs credited to Eclypsium researchers Mickey Shkatov and Jesse Michael.  The researchers plan to discuss the vulnerabilities and potential impact at this years DEF CON security conference.

[ Related: Hackers Can Plant Backdoors on Bare Metal Cloud Servers ]

The Eclypsium researchers found the problems in the BIOSConnect feature within Dell Client BIOS.  “[This issue] allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls,” Shkatov and Michael said in a published paper

“These vulnerabilities enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state of an operating system, violating common assumptions on the hardware/firmware layers and breaking OS-level security controls,” the researchers said. 

The problematic BIOSConnect feature lives within another updating mechanism called SupportAssist that’s used to handle update and remote management on Dell computers.

Specifically, the Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. “A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering,” Dell warned in its advisory.

Dell confirmed and patched three additional issues identified by Eclypsium, including a buffer overflow bug in Dell BIOSConnec that could allow an authenticated malicious admin user with local access to the system to run arbitrary code and bypass UEFI restrictions.

Eclypsium is warning that this combination of remote exploitability and high privileges will likely make remote update functionality an alluring target for attackers in the future.  

Related: Enterprise Device Security Company Eclypsium Raises $13 Million

Related: ‘BootHole’ Flaw Allows Installation of Stealthy Malware

Related: Hackers Can Plant Backdoors on Bare Metal Cloud Servers

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.