Most computers purchased today come with a ton of pre-installed apps and programs provided by the manufacturers. A lot of them are generally things you’ll never use but some of them can be useful, like Dell’s SupportAssist program, which automatically scans your Dell computer or laptop for driver updates and installs them. Recently a major vulnerability has been discovered in this software, which leaves your computer open to attack from hackers. This issue affects most recent Dell’s that have the SupportAssist client version prior to 3.2.0.90 installed. Dell has now acknowledged the issue and has released an update to fix it.

The issue was discovered by a 17-year old security researcher named Bill Demirkapi, who has chronicled his findings in his blog post. According to the post, Demirkapi stumbled upon this when he purchased a Dell G3 15 gaming laptop. He upgraded the bundled hard drive to an SSD, after which he had to re-install Windows and other utilities from Dell. Dell’s SupportAssist program intrigued him since the program is designed to automatically check for system and driver updates, which means it has administrator access to modify critical parts of the operating system.

The way in which this can be exploited is when the SupportAssist software makes a request to Dell’s website, in order to check for new drivers, a hacker could intercept the request and re-direct it to a rogue website, thereby installing malicious code on your machine, instead of the legitimate update. For this to work, the hacker needs to be on the same local network as you so while this might not affect people on private work networks, it can be an issue when you use public Wi-Fi networks such as school campuses, airports or coffee shops.

This vulnerability was first identified back in October 2018. Dell later confirmed the vulnerability and finally released a fix for it last month. If you’re Dell computer or laptop is using SupportAssist for updates and the version is below 3.2.0.90, download the latest version from Dell website immediately to safeguard your computer.

Dell sells an average of 10 Million computers per quarter – over 40 million per year so this is not considered a “small” security problem. You can read additional information on The Verge link below.

Read more on the Verge:
https://www.theverge.com/2019/5/3/18528822/dell-support-assist-security-vulnerability-flaw-hackers