Secure Boot flaws could enable hackers to take control of Dell devices

Around 30 million Dell devices at risk of hacking

Security researchers have discovered several vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. The bugs could enable hackers to run code at the BIOS level.

The bugs affect 129 models of enterprise and consumer laptops, tablets, and desktops protected by Secure Boot. Researchers estimate that more than 30 million devices are affected.

According to a new report by security researchers at Eclypsium, the chain of flaws gets a CVSS score of 8.3. When used together, these flaws enable a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device.

This means that hackers could control the device’s boot process and subvert the operating system (OS) and higher-layer security controls. Researchers warned that such code may alter the initial state of an operating system, violating common assumptions on the hardware/firmware layers and breaking OS-level security controls.

“As attackers increasingly shift their focus to vendor supply chains and system firmware, it is more important than ever that organizations have independent visibility and control over the integrity of their devices,” researchers said.

BIOSConnect is part of SupportAssist and enables users to perform a remote OS recovery or update device firmware. In either case (firmware update or OS recovery), BIOSConnect enables the system’s BIOS to contact Dell backend services over the internet and coordinate the update or recovery process.

Researchers found four vulnerabilities that would enable a privileged network attacker to gain arbitrary code execution within the BIOS of vulnerable machines. These flaws were found on a Dell Secured-core PC Latitude 5310 using Secure Boot. Researchers soon found the problem existed on other Dell laptops and desktops.

The first flaw is an insecure TLS connection from the BIOS to Dell. A hacker with a privileged network position could impersonate Dell and deliver attacker-controlled content back to the victim device.

The remaining flaws concern overflow vulnerabilities allowing arbitrary code execution. Hackers impersonating Dell could deliver malicious content back to the victim machine. Two of these vulnerabilities affect the OS recovery process, while the other affects the firmware update process.

The researchers notified Dell of the flaws. Dell has since issued a security advisory and is scheduling BIOS/UEFI updates for affected systems and updates to affected executables from Dell.com.
