Do you ever wonder about the software that came pre-installed on your computer? What happens if it weakens your security, and what is the worst case? A pre-installed utility can pose a serious security risk. Let us look at a recent example involving Dell, a well-known technology company dealing in hardware and software systems, where a bundled support tool opened its users up to remote code execution.

Dell is an American multinational computer technology company whose core expertise is in hardware and software. It is a global company that designs, develops, and manufactures personal computers (PCs) and a variety of computer-related products.

Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer's hardware and software. The utility ships on the system in order to:

  • Interact with the Dell Support website and automatically detect Service Tag or Express Service Code of your Dell product
  • Scan the existing device drivers and install missing or available driver updates
  • Perform hardware diagnostic tests

Bill Demirkapi, a 17-year-old independent security researcher, discovered a critical remote code execution vulnerability in the Dell SupportAssist utility.

So how does Dell SupportAssist actually work? It runs a web server on the user's machine, listening on the local interface on one of ports 8884, 8883, 8886, or 8885. It accepts commands as URL parameters and carries out predefined tasks on the computer, such as collecting detailed system information or downloading a piece of software from a remote server and installing it. Because the server only listens locally, those requests are meant to arrive from the Dell support website open in the user's own browser, so the client checks where a request came from before acting on it. That check on the request's origin is the weak point: a page that merely looks like it came from Dell can pass it, and every request a browser makes to the local port then carries the victim's full trust.
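To make the "improper origin validation" concrete, here is an added example of the kind of check a localhost agent performs on the browser's Origin header, written for this page rather than taken from Dell or SupportAssist. The weak checker uses a substring test, the class of mistake the page describes; the strict checker parses the header and demands an exact scheme, host and port. The allowlisted origin and all request headers are constructed for the demonstration and are assumptions, not Dell's real configuration or traffic.

```python
"""Origin validation for a localhost agent: weak substring check vs strict parse.

Added example, not Dell's or SupportAssist's code. It models the class of
flaw the page describes (a local web service that trusts a browser's
Origin/Referer header after a loose check) next to the check a reviewer
would expect. Hostnames in the sample requests are constructed for the
demonstration; the allowlist entry is an assumption about what a vendor
might whitelist, not Dell's real configuration.
"""
from urllib.parse import urlsplit

# Assumption: the agent should serve only pages loaded from this exact origin.
ALLOWED_ORIGINS = {("https", "www.dell.com", 443)}


def weak_origin_ok(origin: str) -> bool:
    """The flawed pattern: a substring test. 'dell.com' anywhere in the
    header satisfies it, including inside a query string or a lookalike
    host such as dell.com.attacker.example, and plain http is accepted."""
    return "dell.com" in origin


def strict_origin_ok(origin: str) -> bool:
    """Parse the header and require an exact (scheme, host, port) match.

    Insisting on https matters: an attacker on the same LAN can spoof DNS so
    that a dell.com name resolves to their machine, but cannot present a
    valid certificate for it, so the page they serve gets an http:// origin
    and is refused here.
    """
    if not origin or origin == "null":
        return False  # absent or opaque origin: refuse rather than guess
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.hostname:
        return False
    try:
        port = parts.port or 443
    except ValueError:  # malformed port such as https://host:abc
        return False
    # urlsplit already lower-cases .hostname; lower() again is harmless.
    return (parts.scheme, parts.hostname.lower(), port) in ALLOWED_ORIGINS


# Constructed sample requests: (description, Origin header value).
SAMPLE_REQUESTS = [
    ("genuine support page", "https://www.dell.com"),
    ("attacker page with dell.com in the query", "http://evil.example/?ref=dell.com"),
    ("lookalike domain", "https://dell.com.attacker.example"),
    ("DNS-spoofed dell.com subdomain served over plain http", "http://downloads.dell.com"),
    ("no Origin header", ""),
]


def evaluate(check) -> dict:
    """Run one checker over the sample requests; return {description: allowed}."""
    return {desc: check(origin) for desc, origin in SAMPLE_REQUESTS}


def accepted_by(check) -> list:
    """Descriptions of the sample requests a checker would let through."""
    return [desc for desc, ok in evaluate(check).items() if ok]


if __name__ == "__main__":
    for name, check in (("weak", weak_origin_ok), ("strict", strict_origin_ok)):
        print(f"{name:6s} accepts: {accepted_by(check)}")
```

Run as a script, the weak checker lets four of the five constructed requests through, including the DNS-spoofed subdomain that a same-LAN attacker can arrange; the strict checker admits only the genuine origin. Origin checking alone is still not a complete defence for a local agent that installs software: the download URL and the downloaded file's signature need their own validation, which this example does not cover.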

"An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites," Dell said in its advisory.

The attack depends on the attacker being on the same local network as the victim: in a local network attack of this kind, ARP spoofing and DNS spoofing let the attacker answer for a dell.com host name and get a malicious page in front of the victim's browser. Our next-generation cyber security service can detect and remediate such attacks using indicators of compromise (IOC) and indicators of attack (IOA). By analysing the digital footprint, we can prevent them with digital forensics and fraud management techniques. For an enterprise network infrastructure, we can:

  1. Automate threat correlation and prevent attacks using AI-driven threat intelligence and behavioural analysis.
  2. Find such attacks through a proactive threat hunting service (security analytics that detect unknown and hidden threats).
  3. Monitor network and endpoint devices to find risks in the environment.
  4. Block threats in the environment using IOCs and IOAs.

[Image: proof of concept source code]

Once notified, Dell patched the SupportAssist client. Its advisory tracks the remote code execution as CVE-2019-3719 and a related improper origin validation issue as CVE-2019-3718, which could be used for cross-site request forgery (CSRF) attacks against users of affected systems; both are fixed in SupportAssist Client 3.2.0.90 and later. Users should confirm that the client has updated to a fixed version rather than assume the auto-update ran.

G'SECURE LABS

G'SECURE LABS offers a comprehensive suite of solutions for BFSI, enterprises, online portals and SMEs.

Global HQ
Maria Montessorilaan 5, 2719 DB Zoetermeer,
The Netherlands

India Headquarters:
B/81, Corporate House, Judges Bunglow Road, Bodakdev, Ahmedabad - 380054. India.

+91 79 2685 2554 / 55 / 56