• Home
  • Laptops
  • Laptops News
  • Dell SupportAssist Software Vulnerability Exposed by 17 Year Old Security Researcher: Report

Dell SupportAssist Software Vulnerability Exposed by 17-Year Old Security Researcher: Report

If you’ve purchased a Dell laptop recently, you might want to update this software immediately.

Share on Facebook Tweet Share Reddit Comment
Dell SupportAssist Software Vulnerability Exposed by 17-Year Old Security Researcher: Report

Dell's SoftwareAssist app has recently been patched to fix this vulnerability

  • The vulnerability affects SupportAssist program on Dell laptops
  • The flaw could allow potential hackers to install malware on your laptop
  • Dell has released an update to fix this issue

Most laptops we purchase come with a tonne of pre-installed apps from the manufacturers. A lot of these are generally things you'll never use but some of them can be useful, like Dell's SupportAssist program, which automatically scans your laptop for updates and installs them. However, recently a major vulnerability has been discovered in this software, which leaves your laptop open to attack from hackers. This issue affects most recent Dell laptops that have SupportAssist client version prior to Dell has now acknowledged the issue and has released an update to fix it.

The issue was discovered by a 17-year old security researcher named Bill Demirkapi, who has chronicled his findings in his blog post. According to the post, Demirkapi stumbled upon this when he purchased a Dell G3 15 gaming laptop. He upgraded the bundled hard drive to an SSD, after which he had to re-install Windows and other utilities from Dell. Dell's SupportAssist program intrigued him since the program is designed to automatically check for system and driver updates, which means it has administrator access to modify critical parts of the operating system.

The way in which this can be exploited, as Demirkapi explains, is when the SupportAssist software makes a request to Dell's website, in order to check for new drivers, a hacker could intercept the request and re-direct it to a rogue website, thereby installing malicious code on your machine, instead of the legitimate update. For this to work, the hacker needs to be on the same network as you so while this might not affect people on private networks, it can be an issue when you use public Wi-Fi networks such as airports or a coffee shop. Demirkapi has posted a step-by-step guide, along with source code on his blog, of how an attacker might take advantage of this flaw.

Demirkapi found this vulnerability back in October 2018 and reached out to Dell for the same. Dell later confirmed the vulnerability and finally released a fix for the same last month. If you're using SupportAssist on your Dell laptop and the version is below, download the latest version from Dell website immediately to safeguard your computer.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Dell, SupportAssist, hacking
Roydon Cerejo

Roydon has written about technology and gadgets for more than a decade now and began his career reviewing PC components. He found his calling with laptops, smartphones, and cameras and is the go-to guy at Gadgets 360 for this technology trifecta. In his spare time, he likes watching horror films, obsessively organising his cable management pouch and plotting world dominion one pixel at a time.

Redmi Note 7 Sent for a Space Voyage, Returns Unharmed
EU to Investigate Apple Over Spotify's Competition Claims: Report




© Copyright Red Pixels Ventures Limited 2019. All rights reserved.