Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Thursday May 02 2019, @07:08PM   Printer-friendly
from the makes-the-hairs-on-your-neck-stand-up dept.

Remote Code Execution on most Dell computers

Remote Code Execution on most Dell computers

What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to consider is "What third-party software came with my PC?". In this article, I'll be looking at a Remote Code Execution vulnerability I found in Dell SupportAssist, software meant to "proactively check the health of your system's hardware and software" and which is "preinstalled on most of all new Dell devices".

[...]Back in September, I was in the market for a new laptop because my 7-year-old Macbook Pro just wasn't cutting it anymore. I was looking for an affordable laptop that had the performance I needed and I decided on Dell's G3 15 laptop. I decided to upgrade my laptop's 1 terabyte hard drive to an SSD. After upgrading and re-installing Windows, I had to install drivers. This is when things got interesting. After visiting Dell's support site, I was prompted with an interesting option.

[...]"Detect PC"? How would it be able to detect my PC? Out of curiosity, I clicked on it to see what happened.

[...]A program which automatically installs drivers for me. Although it was a convenient feature, it seemed risky. The agent wasn't installed on my computer because it was a fresh Windows installation, but I decided to install it to investigate further. It was very suspicious that Dell claimed to be able to update my drivers through a website.

Here is a link to the Dell advisory.

What could possibly go wrong?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by bradley13 on Friday May 03 2019, @02:01PM

    by bradley13 (3053) on Friday May 03 2019, @02:01PM (#838397) Homepage Journal

    Seriously, kudos to Dell. I read through TFA - well, skimmed really. The researcher describes the security measures he found, in detail, and there are a lot of them. He had to work hard to break the system. In the end, people are fallible, and he found a mistake* that let him in. Dell credited him with the find, and fixed the problem. That's how it should be.

    *For anyone who is curious, the key was this mistake: The program checks a transmitted connection string; if it is not https, it is changed to be https. However, some programmer forgot to trim the string before checking. The security research was therefore able to avoid an automatic switch to https by transmitting a string with a blank in front (" http://"); he was then able to MITM the unencrypted connection.

    --
    Everyone is somebody else's weirdo.
    Starting Score:    1  point
    Moderation   +2  
       Interesting=2, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4