Secure Boot flaws could enable hackers to take control of Dell devices
Around 30 million Dell devices at risk of hacking
Security researchers have discovered several vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. The bugs could enable hackers to run code at the Bios level.
The bugs affect 129 models of enterprise and consumer laptops, tablets, and desktops protected by Secure Boot. Researchers believe more than an estimated 30 million devices are affected.
According to a new report by security researchers at Eclypsium, the chain of flaws gets a CVSS score of 8.3. When used together, these flaws enable a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device.
This means that hackers could control the device’s boot process and subvert the operating system (OS) and higher-layer security controls. Researchers warned that such code may alter the initial state of an operating system, violating common assumptions on the hardware/firmware layers and breaking OS-level security controls.
“As attackers increasingly shift their focus to vendor supply chains and system firmware, it is more important than ever that organizations have independent visibility and control over the integrity of their devices,” researchers said.
BIOSConnect is part of SupportAssist and enables users to perform a remote OS recovery or update device firmware. In either case (firmware update or OS recovery), BIOSConnect enables the system’s BIOS to contact Dell backend services over the internet and coordinate the update or recovery process.
RELATED RESOURCE
Researchers found four vulnerabilities that would enable a privileged network attacker to gain arbitrary code execution within the BIOS of vulnerable machines. These flaws were found on a Dell Secured-core PC Latitude 5310 using Secure Boot. Researchers soon found the problem existed on other Dell laptops and desktops.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
The first flaw is an insecure TLS Connection from BIOS to Dell. A hacker with a privileged network position could impersonate Dell and deliver attacker-controlled content back to the victim device.
The remaining flaws concern overflow vulnerabilities allowing arbitrary code execution. Hackers impersonating Dell could deliver malicious content back to the victim machine. Two of these vulnerabilities affect the OS recovery process, while the other affects the firmware update process.
The researchers notified Dell of the flaws. Dell has since issued a security advisory and is scheduling BIOS/UEFI updates for affected systems and updates to affected executables from Dell.com.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
Copilot Cowork is now generally availableNews A host of partner plugins are already available for Copilot Cowork, and more are coming
-
Westcon-Comstor eyes new growth with General Atlantic investmentNews The strategic agreement introduces the investment firm as a minority shareholder and financing partner as the distributor targets further expansion
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Why cyber resilience isn’t just a defence mechanism: How to create a secure foundation for innovation, tooSponsored Investing in a solid enterprise system that incorporates security by design lets you ensure business continuity while encouraging innovation at pace
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption
-
Researchers warn millions of RDP and VNC servers are wide open to exploitationNews Researchers at Forescout spotted millions of RDP and VNC servers exposed online
-
Brace yourselves for a vulnerability explosion, Forescout warnsNews AI advances are helping identify software flaws at record pace and scale, but that's not the good news some would think
