It is not often that we come across firmware-level flaws that affect tens of millions of devices. Dell, however, found itself in exactly that situation: a chain of vulnerabilities in the BIOSConnect feature of its BIOS let an attacker sitting on the network path between a machine and Dell's update servers take control of that machine before the operating system even loads, and more than 30 million devices were affected.
Dell BIOS flaw detected
The flaw was present on more than 100 Dell models that ship with the BIOSConnect feature. Roughly three months after the discovery, Dell released BIOS updates that fix the BIOSConnect code and close the hole. Dell has asked users to install the update for their model as soon as it is available for download.
Researchers at Eclypsium found the issue on March 2, 2021 and notified Dell on March 3, 2021. They noted that the vulnerability could be used to run attacker code in the pre-boot environment and so tamper with the operating system before it starts, including disabling security controls the OS would otherwise enforce. BIOSConnect works by having the BIOS itself reach out over the Internet to fetch firmware updates and OS recovery images; the problem was in how it secured that connection. Eclypsium reported that the BIOSConnect TLS client accepted any valid wildcard certificate rather than checking that the certificate belonged to the Dell server it was talking to, so an attacker in a privileged network position could impersonate that server, and overflow bugs in the code that processed the server's responses then let the attacker-supplied content gain code execution in the BIOS.
On the more than 30 million affected devices, a successful attack would have given the attacker arbitrary code execution in the BIOS before the operating system loads, a position more privileged than an OS administrator and invisible to OS-level security tools. Keep in mind what BIOSConnect is for: it is part of Dell SupportAssist and lets the BIOS connect to Dell to recover the operating system or update firmware when a machine cannot boot normally, without a technician needing physical access. That convenience is aimed largely at organizations that manage many systems, which is exactly where a flaw in it has the widest reach.
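The core mistake Eclypsium described, accepting any CA-signed wildcard certificate instead of tying the certificate to the host the client intended to reach, is easy to get wrong in any hand-written TLS client, not just in firmware. The following is an added example, not code from Dell or Eclypsium, that models the two behaviours on a certificate's subjectAltName dNSName list: a permissive check that only asks "is this a wildcard server cert?" beside an RFC 6125-style matcher that requires the name to match the expected host. The CA signature check is assumed to have passed already and is out of scope here; the hostnames and certificate contents are constructed for the example.

```python
"""Hostname binding in TLS: the permissive check vs. strict matching.

Added illustration (not Dell's or Eclypsium's code). Both functions take the
host the client meant to reach and the dNSName entries from the presented
certificate's subjectAltName. The hostnames used below are constructed
examples, not real Dell infrastructure.
"""
from __future__ import annotations


def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    name = name.lower().rstrip(".")
    return name.split(".") if name else []


def permissive_accepts(expected_host: str, san_names: list[str]) -> bool:
    """The vulnerable behaviour: any wildcard name 'looks like' a server
    certificate, so the client accepts it without ever comparing it to the
    host it intended to reach. expected_host is ignored on purpose."""
    return any(name.startswith("*.") for name in san_names)


def strict_match(expected_host: str, san_names: list[str]) -> bool:
    """RFC 6125-style matching: exact match, or a wildcard that is the whole
    left-most label and stands in for exactly one label of the host."""
    host = _labels(expected_host)
    if not host:
        return False
    for name in san_names:
        pat = _labels(name)
        # A wildcard never spans more than one label, so label counts must agree.
        if not pat or len(pat) != len(host):
            continue
        if pat[0] == "*":
            # Require at least two labels after the wildcard so '*.com' is
            # never treated as a valid name for every host under .com.
            if len(pat) >= 3 and pat[1:] == host[1:]:
                return True
            continue
        # Reject partial-label wildcards ('b*z.example') and wildcards in
        # any other position; only an exact name is accepted here.
        if "*" in name:
            continue
        if pat == host:
            return True
    return False


def evaluate(expected_host: str, san_names: list[str]) -> dict[str, bool]:
    """Run both checks so the difference is visible side by side."""
    return {
        "permissive": permissive_accepts(expected_host, san_names),
        "strict": strict_match(expected_host, san_names),
    }


if __name__ == "__main__":
    # Constructed scenario: the client wants the (hypothetical) update host,
    # an on-path attacker presents a wildcard cert for a domain they control.
    update_host = "bios-update.dell.example"
    cases = {
        "attacker wildcard cert": ["*.attacker.example"],
        "legitimate wildcard cert": ["*.dell.example"],
        "legitimate exact cert": ["bios-update.dell.example"],
        "overly broad '*.com'": ["*.com"],
    }
    for label, sans in cases.items():
        print(f"{label:28s} {evaluate(update_host, sans)}")
```

With the attacker's certificate the permissive check returns True and the strict one returns False; the two only agree when the certificate actually names the host. A client that behaves like `permissive_accepts` is exactly the kind of client an attacker in a privileged network position can redirect to a server of their choosing, which is why hostname verification has to happen in addition to, not instead of, chain validation.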
What makes the flaw worse is that it is not confined to old hardware: recently launched laptops such as the Alienware m15 R6 and the Dell Latitude 7320 are on the affected list. If you own one of these, or any other Dell desktop or laptop, install the BIOS update as soon as it is available. Until the update is applied, Dell's interim advice is to disable BIOSConnect (and HTTPS Boot) in the BIOS setup so the firmware never makes the vulnerable network connection, and to confirm after updating that the installed BIOS version matches the fixed version Dell lists for your model.
This is not the first time Dell has come under scrutiny for its security practices. Its support features in particular, SupportAssist among them, have needed emergency patches before, and Dell has had to roll out fixes in much the same way. Download the patch today!