Dell’s Pre-installed Software Makes Your PC Vulnerable to Hackers

A young security researcher named Bill Demirkapi has discovered that Dell’s pre-installed software leaves computers and laptops open to hijacking.

The said vulnerability exists in the Dell SupportAssist app’s remote code execution. The software is used for updating drivers, adjust settings and clean out unused files. But after making certain modifications to the app, hackers can misuse it to install malware into your computer or take over your PC.

This exploit, however, is not open to any hacker out there as only attackers on the same local network as your PC can do it. Also, you have to visit a website controlled by the attacker to fully execute the hijack.

How it Works

The attackers simply need to trick the user into clicking on a website. The website then runs malicious JavaScript code which is usually hidden inside ads on legitimate websites, which then allows the attacker to gain the access he needs.

Here’s a demonstration video by Bill Demirkapi, showing how the attack works.

Fix

Dell, meanwhile, has responded to this by releasing a new patch; SupportAssist v3.2.0.90. Users are advised to update their SupportAssist app as soon as possible. If you haven’t received the patch yet, we advise you to uninstall the app until you get it.



  • >