A flawed Dell support tool could potentially be used by cybercriminals to compromise the system. The vulnerability was found by Tom Forbes, a security engineer, when he reverse engineered the code to see where it lead. He found that any website with the word “dell” in the referral URL could help cybercriminals to send their own script to the Dell computer requesting the support.
The support tool, called Dell System Detect, is used when users are not aware of the make and model of their Dell computer. When they use the Dell System Detect, it is supposed to contact Dell website and scan for the tags to fill in the system make textbox in the support tool. But this code left a vulnerability so that cybercriminals can use their own domains such as http://cybercriminal.com/dell to download malicious code to the computer and compromise it.
While Dell thought that including “dell” in the referral would make sure that they wouldn’t contact other websites, it turned out that the support tool could contact any website that had the word “dell” anywhere in the URL so it could be a subdomain with “dell” in it or a page with “dell” in the URL. This left the Dell computers vulnerable for almost a year.
After the vulnerability was found and reported, Dell acted and patched the vulnerability. Dell had pushed an update to all affected Dell computers to patch the vulnerability. But Tom says he is not sure how strong the patch is because the new code (the patch code) issued by Dell is much harder to reverse engineer.
It is not known if any Dell systems were compromised using the Dell Support Tool as Forbes made the vulnerability public only on March 23 2015. Forbes further said he is not sure the patch can be totally effective as they may have just changed the algorithm to include the word “dell” in the main domain name. This makes it harder to break but still leaves the computers vulnerable.
- Tags: Dell