WARNING to all DELL users. Security Flaw in Pre-Installed Dell Support Software.

TheBeardedBaby

legendary

Activity: 2212

Merit: 3148

₿uy / $ell ..oeleo ;(

Quote from: timerland on June 25, 2019, 04:36:31 PM

Quote from: TryNinja on June 24, 2019, 03:36:36 PM

Yikes. My Dell XPS 15 came with this software. Thankfully I installed Ubuntu right after it arrived.

Crazy how there are so many vulnerabilies everywhere (VLC, DELL software, ...) that goes unnoticed. Anything can be vulnerable to attack vectors. Undecided

it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

You really got to be extremely careful and stay up to date with these things.

And this is not just something that is brand discriminatory - it can happen to any OS, any manufacturer, any brand. There's a ton of people seem to think that they are protected simply because they use a OS different to windows, or that buying a certain brand's products will mean they can store their coins safely on a machine all of a sudden.

As I understand every system with installed dell support software is affected, but there is already a patch, so just patch it up and you will be good to go

timerland

hero member

Activity: 1526

Merit: 596

Quote from: TryNinja on June 24, 2019, 03:36:36 PM

Yikes. My Dell XPS 15 came with this software. Thankfully I installed Ubuntu right after it arrived.

Crazy how there are so many vulnerabilies everywhere (VLC, DELL software, ...) that goes unnoticed. Anything can be vulnerable to attack vectors. Undecided

it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

You really got to be extremely careful and stay up to date with these things.

And this is not just something that is brand discriminatory - it can happen to any OS, any manufacturer, any brand. There's a ton of people seem to think that they are protected simply because they use a OS different to windows, or that buying a certain brand's products will mean they can store their coins safely on a machine all of a sudden.

anu1908

sr. member

Activity: 770

Merit: 268

Quote from: TryNinja on June 24, 2019, 03:36:36 PM

it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

yep. basic rule should be:
- beware of closed source apps
- don't download random stuff from the internet

or if you want something extreme, don't get connected to the internet.

TryNinja

legendary

Activity: 2758

Merit: 6830

Yikes. My Dell XPS 15 came with this software. Thankfully I installed Ubuntu right after it arrived.

Crazy how there are so many vulnerabilies everywhere (VLC, DELL software, ...) that goes unnoticed. Anything can be vulnerable to attack vectors. Undecided

it's sad how we can't just say anymore that we are safe as long as we don't download random stuff over the internet.

Theb

hero member

Activity: 1680

Merit: 655

Quote from: TheBeardedBaby on June 24, 2019, 11:36:23 AM

Quote from: Theb on June 24, 2019, 11:15:46 AM

From a browser software (Mozilla Firefox) to an exclusive security software built for Dell PCs and laptops there are now targeting a lot of softwares/programs outside of the scope of what we used to see. Before we are only just seeing Wallets getting phished and getting tracked on now they are getting more desperate on stealing money from us. If I were you I'll add another step on scanning my pc for malwares and biruses before opening up any of my wallets, storing your private keys in your PC is not an option anymore.

Hardware wallets, that's the key. Using a PC for regular browsing and storing crypto on it with this crazy price variations makes it just an easy target. I have Electrum on my regular PC only to sign and verify messages, so ... Keep your coins save.

It really is. If people don't have an extra pc that they can stay away from regular browsing then a hardware wallet is the cheapest alternative they can have. And from what I have seen in the past people are so reluctant when it comes to safety of their cryptocurrencies only to find out that they have fallen victim to this vulnerable softwares and spywares.

TheBeardedBaby

legendary

Activity: 2212

Merit: 3148

₿uy / $ell ..oeleo ;(

Quote from: Theb on June 24, 2019, 11:15:46 AM

From a browser software (Mozilla Firefox) to an exclusive security software built for Dell PCs and laptops there are now targeting a lot of softwares/programs outside of the scope of what we used to see. Before we are only just seeing Wallets getting phished and getting tracked on now they are getting more desperate on stealing money from us. If I were you I'll add another step on scanning my pc for malwares and biruses before opening up any of my wallets, storing your private keys in your PC is not an option anymore.

Hardware wallets, that's the key. Using a PC for regular browsing and storing crypto on it with this crazy price variations makes it just an easy target. I have Electrum on my regular PC only to sign and verify messages, so ... Keep your coins save.

Theb

hero member

Activity: 1680

Merit: 655

From a browser software (Mozilla Firefox) to an exclusive security software built for Dell PCs and laptops there are now targeting a lot of softwares/programs outside of the scope of what we used to see. Before we are only just seeing Wallets getting phished and getting tracked on now they are getting more desperate on stealing money from us. If I were you I'll add another step on scanning my pc for malwares and biruses before opening up any of my wallets, storing your private keys in your PC is not an option anymore.

rhomelmabini

hero member

Activity: 2002

Merit: 578

Quote from: TheBeardedBaby on June 24, 2019, 09:22:05 AM

Good to know that those kind of threads really help, I'm keeping eye on the many security topics so maybe it will be useful to post important flaws/vulnerabilities here. Just wondering if this is a good place them.

There isn't/aren't a specific guideline/s where to post these kind of threads base on https://bitcointalksearch.org/topic/unofficial-list-of-official-bitcointalkorg-rules-guidelines-faq-703657. I guess it will still be appropriate to post here or maybe Meta? If there will be a childboard for B&H just for warnings related to software and hardware security that will be a nice feature.

TheBeardedBaby

legendary

Activity: 2212

Merit: 3148

₿uy / $ell ..oeleo ;(

Good to know that those kind of threads really help, I'm keeping eye on the many security topics so maybe it will be useful to post important flaws/vulnerabilities here. Just wondering if this is a good place them.

rhomelmabini

hero member

Activity: 2002

Merit: 578

Seen this one on "Forbes" website about their blog for cybersecurity. I want to post it here as well for the bitcointalk users to know especially those DELL users but I was getting out of time and moreover I really forgotten this one. Thanks for the heads up @iasenko.

Juggy777

hero member

Activity: 2646

Merit: 686

Quote from: TheBeardedBaby on June 24, 2019, 07:13:58 AM

Warning to all DELL users.

Quote

Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information.

Quote

With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device drivers and installs missing or available driver updates, along with performing hardware diagnostic tests.
However, researchers at SafeBreach Labs discovered that the software insecurely loads .dll files from user-controlled folders when run, leaving a spot for malware and rogue logged-in users to corrupt existing DLLs or replace them with malicious ones.

In other words if you have Dell laptop, don't use the Dell System Detect and update as soon as possible

Quote

Dell Business and home PC users are recommended to update their software to Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 respectively.

Link for the update >
https://www.dell.com/support/article/no/no/nodhs1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en

The source.

Keep your coins save!

@iasenko thanks for this important update as I’m using a dell laptop, and would have suffered a lot had hackers been able to access my system. Dell should have emailed all it’s clients about this, and it’s a shame they didn’t send any warning to us. When I brought a dell laptop I thought I was buying from a premium brand which would keep my data safe, but when I read about this I feel disappointed in dell and it’s services.

TheBeardedBaby

legendary

Activity: 2212

Merit: 3148

₿uy / $ell ..oeleo ;(

Warning to all DELL users.

Quote

Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information.

Quote

With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device drivers and installs missing or available driver updates, along with performing hardware diagnostic tests.
However, researchers at SafeBreach Labs discovered that the software insecurely loads .dll files from user-controlled folders when run, leaving a spot for malware and rogue logged-in users to corrupt existing DLLs or replace them with malicious ones.

In other words if you have Dell laptop, don't use the Dell System Detect and update as soon as possible

Quote

Dell Business and home PC users are recommended to update their software to Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 respectively.

Link for the update >
https://www.dell.com/support/article/no/no/nodhs1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en

The source.

Keep your coins save!

Topic: WARNING to all DELL users. Security Flaw in Pre-Installed Dell Support Software. (Read 223 times)