SoylentNews is people

posted by janrinok on Friday June 25 2021, @12:01AM

30M Dell Devices at Risk for Remote BIOS Attacks, RCE:

A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide.

According to an analysis from Eclypsium, the bugs affect 129 different models of laptops, tablets and desktops, including enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard aimed at making sure that a device boots using only software that is trusted by the device's original equipment manufacturer (OEM), to prevent rogue takeovers.

The bugs allow privileged network adversaries to circumvent Secure Boot protections, control the device's boot process and subvert the operating system and higher-layer security controls, researchers at Eclypsium said on Thursday. They carry a cumulative CVSS score of 8.3 out of 10.

Specifically, the issues affect the BIOSConnect feature within Dell SupportAssist (a technical support solution that comes preinstalled on most Windows-based Dell machines). BIOSConnect is used to perform remote OS recoveries or to update the firmware on the device.

"Technology vendors of all types are increasingly implementing over-the-air update processes to make it as easy as possible for their customers to keep their firmware up to date and recover from system failures," researchers noted, in an analysis. "And while this is a valuable option, any vulnerabilities in these processes, such as those we've seen here in Dell's BIOSConnect, can have serious consequences."

The report noted that the specific vulnerabilities allow an attacker to remotely exploit the UEFI firmware of a host and gain control over the most privileged code on the device. "This combination of remote exploitability and high privileges will likely make remote update functionality an alluring target for attackers in the future," the report concluded.

  • (Score: 3, Touché) by Anonymous Coward on Friday June 25 2021, @12:11AM

    by Anonymous Coward on Friday June 25 2021, @12:11AM (#1148956)

    If you have to tell people you are, you probably aren't.

  • (Score: 0, Funny) by Anonymous Coward on Friday June 25 2021, @12:17AM

    by Anonymous Coward on Friday June 25 2021, @12:17AM (#1148958)

    Dude, you got hacked!

  • (Score: 2, Funny) by Anonymous Coward on Friday June 25 2021, @12:43AM

    by Anonymous Coward on Friday June 25 2021, @12:43AM (#1148969)

    Too bad John McAfee's no longer around to save us from malware.

  • (Score: 5, Insightful) by Anonymous Coward on Friday June 25 2021, @12:44AM (2 children)

    by Anonymous Coward on Friday June 25 2021, @12:44AM (#1148970)

    Anything that allows remote administration/modification to your device without you first authorizing it is insecure. Why should the manufacturer, or anyone else, be able to access my computer, never mind change shit, without me first authorizing it? Or better yet, being able to remove this capability permanently?

    Manual updates only! Just look at all the Western Digital MyBook Live users who just had their data remotely wiped for the lulz. https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/ [arstechnica.com]

    • (Score: 2) by dltaylor on Friday June 25 2021, @05:07AM

      by dltaylor (4693) on Friday June 25 2021, @05:07AM (#1149012)

      None of my Lives (various purposes: software repositories, media servers, general data) are affected. However, none of them have the remote access features enabled. Also, my firewall basically has an input rule on the cable modem side of "drop all connection attempts". All devices are running on a wired LAN and have WiFi disabled, or, at least, not selected for networking.

      WD has had some issues with a default password and LAMP stack authentication/authorization. Their remote access feature(s) used to open firewall ports with UPnP (IIRC), so that may be a factor.

      It would require a compromise of one of the network-attached devices to access the Lives. Other than a few Linux boxes of various flavors and an OpenBSD box, I do run Windows 10 on occasion, mostly to keep it updated, a Wii U for streaming, and a Shield TV, for other things the Wii doesn't have. The Windows and the Shield appear to be the most likely vectors, so I'll keep them off (not just sleeping) until there's more info on this.

    • (Score: 0) by Anonymous Coward on Friday June 25 2021, @07:31AM

      by Anonymous Coward on Friday June 25 2021, @07:31AM (#1149024)

      Because it may not be your computer, could be your employer/client that they've allocated you and they want to ensure they can recover it remotely.

  • (Score: 0) by Anonymous Coward on Friday June 25 2021, @01:12AM (2 children)

    by Anonymous Coward on Friday June 25 2021, @01:12AM (#1148976)

    Everyone needs to find the attack, download it, and bypass the insecure boot on their machines.

    Funny how most of the hardware exploits we hear about involve some kind of "security" enhancement that is kind of bolted onto the hardware. Can't we just cut those chips out, and toss them?

    • (Score: 1, Funny) by Anonymous Coward on Friday June 25 2021, @04:00AM

      by Anonymous Coward on Friday June 25 2021, @04:00AM (#1149004)

      Can't we just cut those chips out, and toss them?

      But but but, the backdoors!!! Do you expect the hardworking spooks to stop spying on us, or what?!

    • (Score: 0) by Anonymous Coward on Friday June 25 2021, @06:04PM

      by Anonymous Coward on Friday June 25 2021, @06:04PM (#1149212)

      Yeah actually this sounds like it can be turned into a convenience for those of us that actually try to diagnose hardware issues and need to load alternate tools from time to time without Windows getting into the way...

  • (Score: 2) by MIRV888 on Friday June 25 2021, @02:29AM (1 child)

    by MIRV888 (11376) on Friday June 25 2021, @02:29AM (#1148985)

    They are all watching you.
    They all must die.
    (joke)

    • (Score: 2, Insightful) by Anonymous Coward on Friday June 25 2021, @10:36AM

      by Anonymous Coward on Friday June 25 2021, @10:36AM (#1149038)

      Of course it's anti-semitic to say (any time you bring it up), but right now Israel has its hands in everything from primary development of Intel ME (they shut down the Portland dev group and moved all Intel ME development to Haifa or Tel Aviv, where the userspace portion had already been developed and been responsible for such lovely failings as that 'empty password' flaw in the remote management interface), Matrix (https://hackea.org/notas/matrix.html), to a multitude of other hardware and software projects both domestic and abroad where key figures are Israeli trained developers with strong national, religious, or social imperatives to 'help the cause'.

      For every concern about China's activities spying on us or backdooring us, an equally valid concern regarding Israel is shoved behind the curtain because 'anti-semitism!' And this is coming from someone who is primarily concerned with all the technological damage America and American centric corporations have been doing to the tech industry for the past 20-25 years (We haven't won a fight on this front since Clipper/RSA/Crypto export back in the 1990s, and if Tor's current condition is any indication, many other projects may be backdoored, stonewalled, or carefully compromised through 'careless neglect' when in actuality careful malicious consideration has gone into the plausible deniability of the flaws, bugs, and intentional backdoors in projects at home and abroad.

  • (Score: 4, Interesting) by c0lo on Friday June 25 2021, @03:38AM

    by c0lo (156) Subscriber Badge on Friday June 25 2021, @03:38AM (#1149000) Journal

    ... all the computers of my employer (exclusively Dell) have been patched since 3-4 weeks ago.
    The patch required suspending the BitLocker between two reboots, a thing that everyone needed to do on their WFH computers. A bit of a hassle for us but no drama.

    --
    https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
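The BitLocker-suspension step c0lo describes is the part of a firmware update that most often goes wrong (a TPM-sealed key will not unseal after the BIOS measurements change if protection was left on). The script below is an added example, not from the page, Dell or SupportAssist; it assumes an administrative PowerShell session on the affected Windows host and uses only the built-in BitLocker and CIM cmdlets.

```powershell
# Added example (not the page's or Dell's code): record the BIOS baseline,
# confirm a recovery protector exists, then suspend BitLocker for exactly
# the two reboots the firmware update needs so protection resumes on its own.
# Assumes an elevated PowerShell session on the Dell host being patched.
$osDrive = $env:SystemDrive   # normally "C:"

# Baseline so the post-update check can confirm the version actually changed.
$biosBefore = (Get-CimInstance -ClassName Win32_BIOS).SMBIOSBIOSVersion
Write-Host "BIOS version before update: $biosBefore"

$vol = Get-BitLockerVolume -MountPoint $osDrive
Write-Host "BitLocker on $osDrive is $($vol.ProtectionStatus) (volume: $($vol.VolumeStatus))"

if ($vol.ProtectionStatus -eq 'On') {
    # Refuse to continue without a recovery password protector: if the
    # suspension is somehow lost, this is the only way back into the volume.
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $recovery) {
        throw "No recovery password protector on $osDrive; add and back one up first."
    }

    # Suspend for two reboots only (the patch reboots twice), which bounds the
    # window in which the drive is unprotected; protection resumes after that.
    Suspend-BitLocker -MountPoint $osDrive -RebootCount 2 | Out-Null
    Write-Host "BitLocker suspended on $osDrive for 2 reboots; apply the firmware update now."
}

# After the update and both reboots, verify on the same host:
#   (Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus  -> expect 'On'
#   (Get-CimInstance Win32_BIOS).SMBIOSBIOSVersion                       -> differs from baseline
# If ProtectionStatus is still 'Off', run: Resume-BitLocker -MountPoint $env:SystemDrive
```

Running the verification lines after the second reboot is what turns "a bit of a hassle" into a checked change: a host whose BitLocker stayed suspended is the one to chase.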