Dell recently warned its users about a devastating attack targeting new its PCs and laptops. Hackers are using this opportunity to launch remote attacks on your systems.
A recent report states that a glitch in Dell’s SupportAssist app facilitates remote cyber attacks. The SupportAssist app basically diagnoses security issues in your system, debugs them and updates your Dell drivers. This tool is shipped with each new purchase of a Dell device.
Surprisingly, anyone can exploit this vulnerability to get complete control of your system. This is because the SupportAssist app runs on our systems as an admin.
The glitch was first reported by Bill Demirkapi, a researcher who is just 17 years old. Thankfully, the company was quick to release an update to the SupportAssist.
Remote Code Execution on most of all Dell machines https://t.co/p8fYv9X6tJ
— Bill Demirkapi (@BillDemirkapi) April 30, 2019
Avoid connecting to compromised networks
In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network. Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.
Dell recently named this vulnerability CVE-2019-3719 and acknowledged that the bug has a high severity. National Vulnerability Database ranked it at number 8.
It is worth mentioning that a Dell machine that is connected to a compromised Wi-Fi network or public Wi-Fi is the prime target of attackers. Hackers can easily gain access to your Dell laptop by tricking you to click on a malicious ad or a link.
If you are interested to know how it is done, the researcher posted a Proof of concept on GitHub. He also published a video that demonstrates how an attacker executes remote code on a Dell system.
Download SupportAssist update ASAP
As mentioned before, this vulnerability specifically targets Dell systems. Therefore, if you own a Dell laptop you should update your SupportAssist as soon as possible. The update is important because it will save you from potential attacks.
First, download the update through the Dell support page. Once the installer is downloaded on your system, run it to update your system to the latest version.
It is important not to click on any malicious links received via email or other means. That is the only way you can avoid such attacks.
However, this issue does not affect Dell systems shipped without an operating system.
RELATED ARTICLES YOU NEED TO CHECK OUT:
- Microsoft Azure, VMware and Dell enter a new Hybrid Cloud era
- Chrome vulnerability lets hackers collect user data via PDF files
- Dell got hacked, advises users to change passwords