If you are a Dell user, then beware. Your system is vulnerable to hackers, they can access it remotely. A 17-year old independent security researcher, Bill Demirkapi discovered remote code execution vulnerability in a pre-installed software Dell Support Assist. Dell Support Assist or which was known as Dell System Detect checks the health of computer’s both software and hardware.
Dell Support Assist is Flawed, Hackers can use it to Trick Users into Downloading Malware
This utility was designed to interact with Dell Support website and it automatically detects Express Service Code or Service Tag of your Dell product. It scans the existing drivers in the system and installs any available or missing updates.
It also performs hardware diagnostic tests. Now you may have the question about its working procedure. In the background, Dell Support Assist runs a web server locally on the user system. It can be on port 8884, 8885, 8886 or 8883. It accepts different commands as URL parameters in order to perform some of the predefined tasks on the computer. These tasks will include the collection of detailed system information or downloading the software from any remote server and install it on the system.
Dell Support Active restricts any other commands that users give other than “dell.com” and its subdomains. But Bill Demirkapi explained that there are so many ways to bypass these protections and hack the system.
He posted a video which shows how easy it is to install the malware from a remote server on Dell computers. This malware will give them access to everything present on the system. The hacker can trick and make the user download any malware with the help of Dell Support Assist.
Dell customers are advised to update Dell Support Assist or uninstall it completely from the user. It is important for them to take this step before hackers misuse their systems.