Dell SupportAssist Software Vulnerability Exposed by 17-Year Old Security Researcher: Report

If you’ve purchased a Dell laptop recently, you might want to update this software immediately.

By Roydon Cerejo | Updated: 6 May 2019 15:33 IST

Dell SupportAssist Software Vulnerability Exposed by 17-Year Old Security Researcher: Report

Dell's SoftwareAssist app has recently been patched to fix this vulnerability

Highlights

The vulnerability affects SupportAssist program on Dell laptops
The flaw could allow potential hackers to install malware on your laptop
Dell has released an update to fix this issue

Most laptops we purchase come with a tonne of pre-installed apps from the manufacturers. A lot of these are generally things you'll never use but some of them can be useful, like Dell's SupportAssist program, which automatically scans your laptop for updates and installs them. However, recently a major vulnerability has been discovered in this software, which leaves your laptop open to attack from hackers. This issue affects most recent Dell laptops that have SupportAssist client version prior to 3.2.0.90. Dell has now acknowledged the issue and has released an update to fix it.

The issue was discovered by a 17-year old security researcher named Bill Demirkapi, who has chronicled his findings in his blog post. According to the post, Demirkapi stumbled upon this when he purchased a Dell G3 15 gaming laptop. He upgraded the bundled hard drive to an SSD, after which he had to re-install Windows and other utilities from Dell. Dell's SupportAssist program intrigued him since the program is designed to automatically check for system and driver updates, which means it has administrator access to modify critical parts of the operating system.

The way in which this can be exploited, as Demirkapi explains, is when the SupportAssist software makes a request to Dell's website, in order to check for new drivers, a hacker could intercept the request and re-direct it to a rogue website, thereby installing malicious code on your machine, instead of the legitimate update. For this to work, the hacker needs to be on the same network as you so while this might not affect people on private networks, it can be an issue when you use public Wi-Fi networks such as airports or a coffee shop. Demirkapi has posted a step-by-step guide, along with source code on his blog, of how an attacker might take advantage of this flaw.

Demirkapi found this vulnerability back in October 2018 and reached out to Dell for the same. Dell later confirmed the vulnerability and finally released a fix for the same last month. If you're using SupportAssist on your Dell laptop and the version is below 3.2.0.90, download the latest version from Dell website immediately to safeguard your computer.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.