• Home
  • Laptops
  • Laptops News
  • Dell SupportAssist Software Vulnerability Exposed by 17 Year Old Security Researcher: Report

Dell SupportAssist Software Vulnerability Exposed by 17-Year Old Security Researcher: Report

If you’ve purchased a Dell laptop recently, you might want to update this software immediately.

Share on Facebook Tweet Snapchat Share Reddit Comment
Dell SupportAssist Software Vulnerability Exposed by 17-Year Old Security Researcher: Report

Dell's SoftwareAssist app has recently been patched to fix this vulnerability

Highlights
  • The vulnerability affects SupportAssist program on Dell laptops
  • The flaw could allow potential hackers to install malware on your laptop
  • Dell has released an update to fix this issue

Most laptops we purchase come with a tonne of pre-installed apps from the manufacturers. A lot of these are generally things you'll never use but some of them can be useful, like Dell's SupportAssist program, which automatically scans your laptop for updates and installs them. However, recently a major vulnerability has been discovered in this software, which leaves your laptop open to attack from hackers. This issue affects most recent Dell laptops that have SupportAssist client version prior to 3.2.0.90. Dell has now acknowledged the issue and has released an update to fix it.

The issue was discovered by a 17-year old security researcher named Bill Demirkapi, who has chronicled his findings in his blog post. According to the post, Demirkapi stumbled upon this when he purchased a Dell G3 15 gaming laptop. He upgraded the bundled hard drive to an SSD, after which he had to re-install Windows and other utilities from Dell. Dell's SupportAssist program intrigued him since the program is designed to automatically check for system and driver updates, which means it has administrator access to modify critical parts of the operating system.

The way in which this can be exploited, as Demirkapi explains, is when the SupportAssist software makes a request to Dell's website, in order to check for new drivers, a hacker could intercept the request and re-direct it to a rogue website, thereby installing malicious code on your machine, instead of the legitimate update. For this to work, the hacker needs to be on the same network as you so while this might not affect people on private networks, it can be an issue when you use public Wi-Fi networks such as airports or a coffee shop. Demirkapi has posted a step-by-step guide, along with source code on his blog, of how an attacker might take advantage of this flaw.

Demirkapi found this vulnerability back in October 2018 and reached out to Dell for the same. Dell later confirmed the vulnerability and finally released a fix for the same last month. If you're using SupportAssist on your Dell laptop and the version is below 3.2.0.90, download the latest version from Dell website immediately to safeguard your computer.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Dell, SupportAssist, hacking
Roydon Cerejo Roydon Cerejo writes about smartphones and laptops for Gadgets 360, out of Mumbai. He is the Deputy Editor (Reviews) at Gadgets 360. He has frequently written about the smartphone and PC industry and also has an interest in photography. With over a decade of experience covering the consumer technology space, he is also an avid sci-fi movie and TV show geek and is always up for good horror flick. Roydon is available at roydon@gadgets360.com, so please send in your leads and tips. More
Redmi Note 7 Sent for a Space Voyage, Returns Unharmed
EU to Investigate Apple Over Spotify's Competition Claims: Report

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com