A security researcher has found a serious bug in the Dell System Detect software provided by Dell.
Dell users are advised to use a program called “Dell System Detect” to download the correct drivers for their machine. Dell users are probably familiar with the “Dell Support Page”, which helps users get the latest drivers for their machine. Users can configure their machine on this site by entering the Dell Service Tag, which can be found either on a sticker somewhere on the machine or by clicking the shiny blue “Detect Product” button. Clicking the button prompts the user to download and install the “Dell System Detect” program, which auto-fills the service tag input so that the user can see the relevant drivers for their machine.
However, security researcher Tom Forbes discovered a serious flaw in this Dell software that could give attackers a backdoor into the target computer. Through this backdoor, attackers could execute malicious files on the target computer.
In his blog, Tom Forbes says: “While investigating this rather innocuous looking program I discovered that it accepts commands by listening for HTTP requests on localhost:8884 and that the security restrictions Dell put in place are easily bypassed, meaning an attacker could trigger the program to download and install any arbitrary executable from a remote location with no user interaction at all.” Forbes informed Dell privately about this flaw in November 2014, and Dell immediately took steps to fix the bug. Forbes was notified that Dell’s Internal Assessment team was investigating the issue. By January 2015, Dell informed Forbes that it had fixed the issue by “introducing additional validation and obfuscation”.
Forbes says that the bug demonstrated by his PoC seems to have been fixed, but he is still doubtful about the quality of the validation Dell added. Forbes believes that Dell simply changed ‘if dell in referrer’ to ‘if dell in referrer domain name’, so the flaw may now be a bit harder for attackers to exploit, but exploitation may still be possible because the software is not foolproof. In an interview, Forbes also told El Reg: “An attacker could trigger the program to download and execute an arbitrary file without any user interaction”. He added: “The little ‘Dell Service Tag Detector’ program that they push people to download on the Dell.com website does a lot more than just detect service tags – it gives Dell access to your entire machine, allowing them to download and install software and collect system information without you knowing.”
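The two checks as Forbes characterises them, next to a stricter host comparison, as an added example that is not Dell's code or Forbes' PoC. The function names, the trusted domain policy and the sample referrers are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only dell.com and its subdomains, over HTTPS, are trusted.
TRUSTED_DOMAIN = "dell.com"

def substring_in_referrer(referrer: str) -> bool:
    """Original check as Forbes words it: 'dell' anywhere in the referrer."""
    return "dell" in referrer.lower()

def substring_in_hostname(referrer: str) -> bool:
    """Post-fix check as Forbes words it: 'dell' anywhere in the domain name."""
    host = urlsplit(referrer).hostname or ""  # hostname is already lowercased
    return "dell" in host

def strict_host_match(referrer: str) -> bool:
    """Hardened form: HTTPS only, host equals the trusted domain or is a
    subdomain of it, compared on a label (dot) boundary."""
    parts = urlsplit(referrer)
    if parts.scheme != "https":
        return False
    host = (parts.hostname or "").rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

# Constructed sample referrers (not taken from the original report).
SAMPLES = [
    "https://www.dell.com/support",       # legitimate page
    "https://example.org/dell/page",      # 'dell' only in the path
    "https://notdell.example/",           # 'dell' inside an unrelated host
    "https://dell.com.attacker.example/", # trusted name used as a prefix label
    "http://www.dell.com/",               # right host, unencrypted scheme
]

def evaluate(samples=SAMPLES):
    """Map each referrer to (substring, hostname-substring, strict) results."""
    return {r: (substring_in_referrer(r),
                substring_in_hostname(r),
                strict_host_match(r)) for r in samples}

if __name__ == "__main__":
    for ref, (weak, host_sub, strict) in evaluate().items():
        print(f"{ref:38} referrer={weak!s:5} hostname={host_sub!s:5} strict={strict}")
```

A host comparison like this only narrows which web pages the check accepts; the Referer value is supplied by the client, so it does not authenticate the request on its own.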
When El Reg asked Dell about this, Dell said: “We take very seriously any issues that may impact the integrity of our products or customer security and privacy. Dell does not work with any government to compromise our products to make them vulnerable for exploit, including through ‘software implants’ or so-called ‘backdoors’.”
Forbes initially informed Dell in private and the matter was fixed within a span of two months; it was only a couple of days ago, on March 23rd, that Forbes made the issue public. For now it seems that the backdoor may have been unintentional, and users can still use the Dell System Detect software to update their machine to the latest version.