- The vulnerability affects SupportAssist program on Dell laptops
- The flaw could allow potential hackers to install malware on your laptop
- Dell has released an update to fix this issue
Most laptops we purchase come with a tonne of pre-installed apps from the manufacturers. A lot of these are generally things you’ll never use but some of them can be useful, like Dell’s SupportAssist program, which automatically scans your laptop for updates and installs them. However, recently a major vulnerability has been discovered in this software, which leaves your laptop open to attack from hackers. This issue affects most recent Dell laptops that have SupportAssist client version prior to 18.104.22.168. Dell has now acknowledged the issue and has released an update to fix it.
The issue was discovered by a 17-year old security researcher named Bill Demirkapi, who has chronicled his findings in his blog post. According to the post, Demirkapi stumbled upon this when he purchased a Dell G3 15 gaming laptop. He upgraded the bundled hard drive to an SSD, after which he had to re-install Windows and other utilities from Dell. Dell’s SupportAssist program intrigued him since the program is designed to automatically check for system and driver updates, which means it has administrator access to modify critical parts of the operating system.
The way in which this can be exploited, as Demirkapi explains, is when the SupportAssist software makes a request to Dell’s website, in order to check for new drivers, a hacker could intercept the request and re-direct it to a rogue website, thereby installing malicious code on your machine, instead of the legitimate update. For this to work, the hacker needs to be on the same network as you so while this might not affect people on private networks, it can be an issue when you use public Wi-Fi networks such as airports or a coffee shop. Demirkapi has posted a step-by-step guide, along with source code on his blog, of how an attacker might take advantage of this flaw.
Demirkapi found this vulnerability back in October 2018 and reached out to Dell for the same. Dell later confirmed the vulnerability and finally released a fix for the same last month. If you’re using SupportAssist on your Dell laptop and the version is below 22.214.171.124, download the latest version from Dell website immediately to safeguard your computer.