WARNING to all DELL users. Security Flaw in Pre-Installed Dell Support Software.

[TheBeardedBaby]

Warning to all DELL users.

Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information.

With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device drivers and installs missing or available driver updates, along with performing hardware diagnostic tests.
However, researchers at SafeBreach Labs discovered that the software insecurely loads .dll files from user-controlled folders when run, leaving a spot for malware and rogue logged-in users to corrupt existing DLLs or replace them with malicious ones.

In other words if you have Dell laptop, don't use the Dell System Detect and update as soon as possible

Dell Business and home PC users are recommended to update their software to Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 respectively.

Link for the update >
https://www.dell.com/support/article/no/no/nodhs1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en

The source.

Keep your coins save!

[Juggy777]

Warning to all DELL users.

Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information.

With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device drivers and installs missing or available driver updates, along with performing hardware diagnostic tests.
However, researchers at SafeBreach Labs discovered that the software insecurely loads .dll files from user-controlled folders when run, leaving a spot for malware and rogue logged-in users to corrupt existing DLLs or replace them with malicious ones.

In other words if you have Dell laptop, don't use the Dell System Detect and update as soon as possible

Dell Business and home PC users are recommended to update their software to Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 respectively.

Link for the update >
https://www.dell.com/support/article/no/no/nodhs1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en

The source.

Keep your coins save!

@iasenko thanks for this important update as I’m using a dell laptop, and would have suffered a lot had hackers been able to access my system. Dell should have emailed all it’s clients about this, and it’s a shame they didn’t send any warning to us. When I brought a dell laptop I thought I was buying from a premium brand which would keep my data safe, but when I read about this I feel disappointed in dell and it’s services.

[rhomelmabini]

Seen this one on "Forbes" website about their blog for cybersecurity. I want to post it here as well for the bitcointalk users to know especially those DELL users but I was getting out of time and moreover I really forgotten this one. Thanks for the heads up @iasenko.

[TheBeardedBaby]

Good to know that those kind of threads really help, I'm keeping eye on the many security topics so maybe it will be useful to post important flaws/vulnerabilities here. Just wondering if this is a good place them.

[rhomelmabini]

Good to know that those kind of threads really help, I'm keeping eye on the many security topics so maybe it will be useful to post important flaws/vulnerabilities here. Just wondering if this is a good place them.

There isn't/aren't a specific guideline/s where to post these kind of threads base on https://bitcointalk.org/index.php?topic=703657.0#post_guidelines. I guess it will still be appropriate to post here or maybe Meta? If there will be a childboard for B&H just for warnings related to software and hardware security that will be a nice feature.

[Theb]

From a browser software (Mozilla Firefox) to an exclusive security software built for Dell PCs and laptops there are now targeting a lot of softwares/programs outside of the scope of what we used to see. Before we are only just seeing Wallets getting phished and getting tracked on now they are getting more desperate on stealing money from us. If I were you I'll add another step on scanning my pc for malwares and biruses before opening up any of my wallets, storing your private keys in your PC is not an option anymore.

[TheBeardedBaby]

From a browser software (Mozilla Firefox) to an exclusive security software built for Dell PCs and laptops there are now targeting a lot of softwares/programs outside of the scope of what we used to see. Before we are only just seeing Wallets getting phished and getting tracked on now they are getting more desperate on stealing money from us. If I were you I'll add another step on scanning my pc for malwares and biruses before opening up any of my wallets, storing your private keys in your PC is not an option anymore.

Hardware wallets, that's the key. Using a PC for regular browsing and storing crypto on it with this crazy price variations makes it just an easy target. I have Electrum on my regular PC only to sign and verify messages, so ... Keep your coins save.

[Theb]

From a browser software (Mozilla Firefox) to an exclusive security software built for Dell PCs and laptops there are now targeting a lot of softwares/programs outside of the scope of what we used to see. Before we are only just seeing Wallets getting phished and getting tracked on now they are getting more desperate on stealing money from us. If I were you I'll add another step on scanning my pc for malwares and biruses before opening up any of my wallets, storing your private keys in your PC is not an option anymore.

Hardware wallets, that's the key. Using a PC for regular browsing and storing crypto on it with this crazy price variations makes it just an easy target. I have Electrum on my regular PC only to sign and verify messages, so ... Keep your coins save.

It really is. If people don't have an extra pc that they can stay away from regular browsing then a hardware wallet is the cheapest alternative they can have. And from what I have seen in the past people are so reluctant when it comes to safety of their cryptocurrencies only to find out that they have fallen victim to this vulnerable softwares and spywares.

[TryNinja]

Yikes. My Dell XPS 15 came with this software. Thankfully I installed Ubuntu right after it arrived.

Crazy how there are so many vulnerabilies everywhere (VLC, DELL software, ...) that goes unnoticed. Anything can be vulnerable to attack vectors.
it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

[anu1908]

it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

yep. basic rule should be:
- beware of closed source apps
- don't download random stuff from the internet

or if you want something extreme, don't get connected to the internet.

[timerland]

In other words if you have Dell laptop, don't use the Dell System Detect and update as soon as possible

Christ. Does this apply only if you have a Dell laptop, or is it PCs as well? In the article it mentions both laptops and PCs but here you only mention laptops, so could there be potentially some further clarification?

I guess to be safe, if you own any dell products, just check anyways.

Yikes. My Dell XPS 15 came with this software. Thankfully I installed Ubuntu right after it arrived.

Crazy how there are so many vulnerabilies everywhere (VLC, DELL software, ...) that goes unnoticed. Anything can be vulnerable to attack vectors.
it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

You really got to be extremely careful and stay up to date with these things.

And this is not just something that is brand discriminatory - it can happen to any OS, any manufacturer, any brand. There's a ton of people seem to think that they are protected simply because they use a OS different to windows, or that buying a certain brand's products will mean they can store their coins safely on a machine all of a sudden.

[TheBeardedBaby]

In other words if you have Dell laptop, don't use the Dell System Detect and update as soon as possible

Christ. Does this apply only if you have a Dell laptop, or is it PCs as well? In the article it mentions both laptops and PCs but here you only mention laptops, so could there be potentially some further clarification?

I guess to be safe, if you own any dell products, just check anyways.

Yikes. My Dell XPS 15 came with this software. Thankfully I installed Ubuntu right after it arrived.

Crazy how there are so many vulnerabilies everywhere (VLC, DELL software, ...) that goes unnoticed. Anything can be vulnerable to attack vectors.
it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

You really got to be extremely careful and stay up to date with these things.

And this is not just something that is brand discriminatory - it can happen to any OS, any manufacturer, any brand. There's a ton of people seem to think that they are protected simply because they use a OS different to windows, or that buying a certain brand's products will mean they can store their coins safely on a machine all of a sudden.

As I understand every system with installed dell support software is affected, but there is already a patch, so just patch it up and you will be good to go