Notebookcheck

Dell laptops confirmed to be affected by serious SupportAssist security flaw

Dell has really dropped the ball here. (Image source: Dell)
Dell has really dropped the ball here. (Image source: Dell)
Dell reportedly sat silently on a critical SupportAssist vulnerability for nearly 6 months, according to the security researcher that reported it to the company. If you have the software installed, then chances are that your laptop will be affected, and it will be open to attackers unless you have recently updated SupportAssist.

If you have a Dell laptop, stop what you are doing and check what version of Dell SupportAssist you have installed. If its version number is older than 3.2.0.90, then download the latest version immediately; you can find the installer here, which we have taken from Dell Support. Uninstalling it would be a good alternative too.

Why you ask? Well, it turns out that SupportAssist has been open to attackers for a long time, and Dell has only just fixed it. The company markets the software as "the industry’s first automated proactive and predictive support technology" that it has designed to "proactively check the health of your system’s hardware and software". Importantly, Dell pre-installs this is on "most of all new" devices. Putting that abstract statement into context, Dell reported a US$10.9 billion revenue from laptop and PC sales earlier this year according to Bloomberg, so it is talking about installing SupportAssist on millions of computers.  

All credit goes to Bill Demirkapi, who found this vulnerability and reported it to Dell. He has a blog that goes into great detail on this matter covers the matter. You can also find him on Twitter @BillDemirkapi.

In short, the security issue that he found centres on how the SupportAssist client communicates with the Dell Support website when finding and installing new drivers. Dell has configured the client to download and automatically install drivers, the files for which can be intercepted. An attacker could then send out their own malicious files and have SupportAssist automatically install them. Demirkapi has released a proof of concept video that we have included below, while Dell has now fixed the vulnerability and published an advisory note, which you can read here.

It is bad enough that it took a teenager to find a security exploit that seems to be by design, but Dell's handling of the issue makes matters even worse. This will have affected millions of computers, yet it took the company almost six months to release a fix from when it first responded to Demirkapi's initial report. He listed the timeline of events as follows:

  • 10/26/2018 - Initial write up sent to Dell.
  • 10/29/2018 - Initial response from Dell.
  • 11/22/2018 - Dell has confirmed the vulnerability.
  • 11/29/2018 - Dell scheduled a “tentative” fix to be released in Q1 2019.
  • 01/28/2019 - Disclosure date extended to March.
  • 03/13/2019 - Dell is still fixing the vulnerability and has scheduled disclosure for the end of April.
  • 04/18/2019 - Vulnerability disclosed as an advisory.

Please see Demirkapi's blog for a full explanation of the remote code execution exploit, into which he has outlined fully. Poor show indeed, Dell.

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 05 > Dell laptops confirmed to be affected by serious SupportAssist security flaw
Alex Alderson, 2019-05- 3 (Update: 2019-05- 3)
Alex Alderson
Alex Alderson - News Editor
I got my first smartphone aged 11, my first PC aged 12 and I have been tinkering with electronics ever since. I like to keep abreast of the latest news and technology, which inevitably leads me to switch my laptop and phone every few months. When I'm not writing for Notebookcheck, you will find me seeking out new coffee shops, bars and trying to find some hidden gems in record stores.