Dell laptops, desktops, and tablets have four “severe” vulnerabilities that could let hackers take over the devices, affecting over 30 million computers. The company confirmed this and has released a patch for the vulnerability in its BIOSConnect feature. This is designed to enable remote recovery and firmware updates, but also left a door open to hackers. Dell has issued an advisory in response to the vulnerabilities and has started releasing patches for its BIOS available on all of the affected devices.
Security researchers at enterprise device security company Eclypsium discovered the vulnerabilities and researchers said that the issues affect as many as 129 types of Dell laptops, desktops, and tablets. This includes models that are meant specifically for enterprises and are protected by the Secure Boot security standard.
Dell has acknowledged the existence of all four vulnerabilities reported by the Eclypsium researchers. It has also started rolling out patches for BIOS that users can download upon their arrival. Meanwhile, the company has also advised users to disable BIOSConnect. A couple of workarounds for that have been provided on the company’s support page.
“These vulnerabilities enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state of an operating system, violating common assumptions on the hardware/ firmware layers and breaking OS-level security controls,” the researchers said. The vulnerabilities were discovered on March 2, and Dell was notified about them on March 3, according to Eclypsium.
BIOSConnect is a feature of Dell’s SupportAssist remote support system, and comes pre-installed on most Windows-based Dell computers. For companies, this lets them update the firmware and perform remote OS recovery for their employee’s laptops and computers. In theory, this should make the machines more secure as the enterprise is able to ensure that everyone’s computers are up to date.
Researchers however found that BIOSConnect itself opened the computers up to serious security threats. Of the four vulnerabilities discovered in the preloaded feature, one that is noted as CVE-2021-21571 allows insecure connections for firmware updates.
“When attempting to connect to the backend Dell HTTP server, the TLS connection from BIOSConnect will accept any valid wildcard certificate. This allows an attacker with a privileged network position to impersonate Dell and deliver attacker-controlled content back to the victim device,” the researchers explained.
The remaining three issues are classified as overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574) that could help attackers execute arbitrary code. Two of them are found to be affecting the OS recovery process, while the other one impacts the process of updating the firmware. The researchers said that all three of these vulnerabilities are independent and any of them could be used to execute malicious code in BIOS.
Who all are affected by Dell’s BIOSConnect security vulnerability?
The list of affected devices that have started getting BIOS patches includes some recently launched laptops such as the Alienware m15 R6, Dell G5 15 5500, Dell G7 (7500), Dell Inspiron 13 (5310), and the Dell Latitude 7320. There are also recent desktop models such as the OptiPlex 7090 Tower, and the OptiPlex 7780 All-in-One.
This isn’t the first time Dell computers are found to be affected by security vulnerabilities. In May, Dell released a security patch for its firmware update driver module to fix as many as five high-severity flaws that had been in use since 2009. The SupportAssist tool also received a fix in 2019 for a critical flaw that had left millions of systems at risk of a privilege-escalation attack.