Researchers discover series of vulnerabilities affecting millions of Dell devices

Eclypsium researchers discovered four vulnerabilities in the BIOSConnect functionality of Dell computers. Chained together, these vulnerabilities pose a high risk. Dell was notified in March and recommends a BIOS update.

The vulnerabilities were found in Dell’s BIOSConnect functionality. This is a feature of the SupportAssist software that comes preinstalled on most Dell computers. Via BIOSConnect, users can perform a recovery of the operating system and/or update the firmware of the affected computers. “The computer connects to Dell’s servers for this,” the researchers said. “In this process, we discovered a series of four vulnerabilities that could allow attackers to initiate arbitrary code execution at the BIOS level.”

According to the researchers, malicious parties can influence the loading process of the operating system and disable security mechanisms in order to remain unnoticed. They state that 129 models are at risk, which according to them amounts to more than 30 million Dell devices. The researchers provide more information on their blog page. Full technical details will be revealed in August at the DEF CON 29 hacker conference, which will take place in Las Vegas from August 5-8.

Dell explains on a support page that it has already been able to fix two of the four vulnerabilities because they were on the server side. For the other two vulnerabilities, Dell recommends updating the BIOS of the Dell device manually, rather than through the BIOSConnect feature.