Bitcoin Forum
October 31, 2024, 07:23:58 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: WARNING to all DELL users. Security Flaw in Pre-Installed Dell Support Software.  (Read 231 times)
TheBeardedBaby (OP)
Legendary
*
Offline Offline

Activity: 2240
Merit: 3150


₿uy / $ell ..oeleo ;(


View Profile
June 24, 2019, 11:13:58 AM
 #1

Warning to all DELL users.

Quote
Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information.

Quote
With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device drivers and installs missing or available driver updates, along with performing hardware diagnostic tests.
However, researchers at SafeBreach Labs discovered that the software insecurely loads .dll files from user-controlled folders when run, leaving a spot for malware and rogue logged-in users to corrupt existing DLLs or replace them with malicious ones.

In other words if you have Dell laptop, don't use the Dell System Detect and update as soon as possible

Quote
Dell Business and home PC users are recommended to update their software to Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 respectively.
Link for the update >
https://www.dell.com/support/article/no/no/nodhs1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en

The source.

Keep your coins save!

Juggy777
Hero Member
*****
Offline Offline

Activity: 2646
Merit: 686


View Profile
June 24, 2019, 12:44:46 PM
 #2

Warning to all DELL users.

Quote
Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information.

Quote
With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device drivers and installs missing or available driver updates, along with performing hardware diagnostic tests.
However, researchers at SafeBreach Labs discovered that the software insecurely loads .dll files from user-controlled folders when run, leaving a spot for malware and rogue logged-in users to corrupt existing DLLs or replace them with malicious ones.

In other words if you have Dell laptop, don't use the Dell System Detect and update as soon as possible

Quote
Dell Business and home PC users are recommended to update their software to Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 respectively.
Link for the update >
https://www.dell.com/support/article/no/no/nodhs1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en

The source.

Keep your coins save!

@iasenko thanks for this important update as I’m using a dell laptop, and would have suffered a lot had hackers been able to access my system. Dell should have emailed all it’s clients about this, and it’s a shame they didn’t send any warning to us. When I brought a dell laptop I thought I was buying from a premium brand which would keep my data safe, but when I read about this I feel disappointed in dell and it’s services.
rhomelmabini
Hero Member
*****
Offline Offline

Activity: 2058
Merit: 578

No God or Kings, only BITCOIN.


View Profile
June 24, 2019, 01:05:47 PM
 #3

Seen this one on "Forbes" website about their blog for cybersecurity. I want to post it here as well for the bitcointalk users to know especially those DELL users but I was getting out of time and moreover I really forgotten this one. Thanks for the heads up @iasenko.

TheBeardedBaby (OP)
Legendary
*
Offline Offline

Activity: 2240
Merit: 3150


₿uy / $ell ..oeleo ;(


View Profile
June 24, 2019, 01:22:05 PM
 #4

Good to know that those kind of threads really help, I'm keeping eye on the many security topics so maybe it will be useful to post important flaws/vulnerabilities here. Just wondering if this is a good place them.

rhomelmabini
Hero Member
*****
Offline Offline

Activity: 2058
Merit: 578

No God or Kings, only BITCOIN.


View Profile
June 24, 2019, 01:44:08 PM
 #5

Good to know that those kind of threads really help, I'm keeping eye on the many security topics so maybe it will be useful to post important flaws/vulnerabilities here. Just wondering if this is a good place them.
There isn't/aren't a specific guideline/s where to post these kind of threads base on https://bitcointalk.org/index.php?topic=703657.0#post_guidelines. I guess it will still be appropriate to post here or maybe Meta? If there will be a childboard for B&H just for warnings related to software and hardware security that will be a nice feature.

Theb
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 655


View Profile
June 24, 2019, 03:15:46 PM
 #6

From a browser software (Mozilla Firefox) to an exclusive security software built for Dell PCs and laptops there are now targeting a lot of softwares/programs outside of the scope of what we used to see. Before we are only just seeing Wallets getting phished and getting tracked on now they are getting more desperate on stealing money from us. If I were you I'll add another step on scanning my pc for malwares and biruses before opening up any of my wallets, storing your private keys in your PC is not an option anymore.

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
TheBeardedBaby (OP)
Legendary
*
Offline Offline

Activity: 2240
Merit: 3150


₿uy / $ell ..oeleo ;(


View Profile
June 24, 2019, 03:36:23 PM
 #7

From a browser software (Mozilla Firefox) to an exclusive security software built for Dell PCs and laptops there are now targeting a lot of softwares/programs outside of the scope of what we used to see. Before we are only just seeing Wallets getting phished and getting tracked on now they are getting more desperate on stealing money from us. If I were you I'll add another step on scanning my pc for malwares and biruses before opening up any of my wallets, storing your private keys in your PC is not an option anymore.

Hardware wallets, that's the key. Using a PC for regular browsing and storing crypto on it with this crazy price variations makes it just an easy target. I have Electrum on my regular PC only to sign and verify messages, so ... Keep your coins save.

Theb
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 655


View Profile
June 24, 2019, 06:24:42 PM
 #8

From a browser software (Mozilla Firefox) to an exclusive security software built for Dell PCs and laptops there are now targeting a lot of softwares/programs outside of the scope of what we used to see. Before we are only just seeing Wallets getting phished and getting tracked on now they are getting more desperate on stealing money from us. If I were you I'll add another step on scanning my pc for malwares and biruses before opening up any of my wallets, storing your private keys in your PC is not an option anymore.

Hardware wallets, that's the key. Using a PC for regular browsing and storing crypto on it with this crazy price variations makes it just an easy target. I have Electrum on my regular PC only to sign and verify messages, so ... Keep your coins save.

It really is. If people don't have an extra pc that they can stay away from regular browsing then a hardware wallet is the cheapest alternative they can have. And from what I have seen in the past people are so reluctant when it comes to safety of their cryptocurrencies only to find out that they have fallen victim to this vulnerable softwares and spywares.

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
TryNinja
Legendary
*
Offline Offline

Activity: 3010
Merit: 7419


Top Crypto Casino


View Profile WWW
June 24, 2019, 07:36:36 PM
 #9

Yikes. My Dell XPS 15 came with this software. Thankfully I installed Ubuntu right after it arrived.

Crazy how there are so many vulnerabilies everywhere (VLC, DELL software, ...) that goes unnoticed. Anything can be vulnerable to attack vectors. Undecided
it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
anu1908
Sr. Member
****
Offline Offline

Activity: 770
Merit: 268


View Profile
June 25, 2019, 07:01:34 AM
 #10

it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

yep. basic rule should be:
- beware of closed source apps
- don't download random stuff from the internet

or if you want something extreme, don't get connected to the internet.
timerland
Hero Member
*****
Offline Offline

Activity: 1526
Merit: 596


View Profile
June 25, 2019, 08:36:31 PM
 #11

Quote
In other words if you have Dell laptop, don't use the Dell System Detect and update as soon as possible

Christ. Does this apply only if you have a Dell laptop, or is it PCs as well? In the article it mentions both laptops and PCs but here you only mention laptops, so could there be potentially some further clarification?

I guess to be safe, if you own any dell products, just check anyways.

Yikes. My Dell XPS 15 came with this software. Thankfully I installed Ubuntu right after it arrived.

Crazy how there are so many vulnerabilies everywhere (VLC, DELL software, ...) that goes unnoticed. Anything can be vulnerable to attack vectors. Undecided
it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

You really got to be extremely careful and stay up to date with these things.

And this is not just something that is brand discriminatory - it can happen to any OS, any manufacturer, any brand. There's a ton of people seem to think that they are protected simply because they use a OS different to windows, or that buying a certain brand's products will mean they can store their coins safely on a machine all of a sudden.

Smiley
TheBeardedBaby (OP)
Legendary
*
Offline Offline

Activity: 2240
Merit: 3150


₿uy / $ell ..oeleo ;(


View Profile
June 25, 2019, 10:27:12 PM
 #12

Quote
In other words if you have Dell laptop, don't use the Dell System Detect and update as soon as possible

Christ. Does this apply only if you have a Dell laptop, or is it PCs as well? In the article it mentions both laptops and PCs but here you only mention laptops, so could there be potentially some further clarification?

I guess to be safe, if you own any dell products, just check anyways.

Yikes. My Dell XPS 15 came with this software. Thankfully I installed Ubuntu right after it arrived.

Crazy how there are so many vulnerabilies everywhere (VLC, DELL software, ...) that goes unnoticed. Anything can be vulnerable to attack vectors. Undecided
it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

You really got to be extremely careful and stay up to date with these things.

And this is not just something that is brand discriminatory - it can happen to any OS, any manufacturer, any brand. There's a ton of people seem to think that they are protected simply because they use a OS different to windows, or that buying a certain brand's products will mean they can store their coins safely on a machine all of a sudden.

As I understand every system with installed dell support software is affected, but there is already a patch, so just patch it up and you will be good to go Smiley

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!