Millions of Dell laptops, desktops at risk of cyber-attacks due to a bug in a preinstalled software
By MYBRANDBOOK
Dell has found a flaw in laptops and desktops that could have allowed cyber attackers to gain access to the systems. The cybersecurity research team by Sentinel Labs, which spotted the vulnerability, says that millions of Dell laptops and desktops are at risk due to this. The team says that the flaw could have led to a range of cyber-attacks, including a complete system takeover by the hackers. The vulnerability was found in the form of a bug in a pre installed software in Dell laptops and desktops.
As per a report on the vulnerability, the bug could have allowed hackers to get admin-level access to a PC. Once hackers gain this access, they could possibly have installed malware deep inside the system so as to lock a user out of his own machine. The bug was found in the Dell BIOS Utility driver, called DBUtil. A module inside the DBUtil driver is responsible for delivering BIOS updates on Dell laptops and desktops. The security team reported five flaws with the module in the report.
Two of these are memory corruption glitches, two are input validation failures and one logic flaw. Collectively, these flaws could be exploited by hackers for attacking and taking over a target system. The team at Sentinel Labs explains that the Dell BIOS Utility server could be requested by any app or service to gain high-level system permissions. It highlights that even the apps without administrator privileges were able to do so.
The report points out that the shortcoming of the driver was due to the absence of an ‘access control list’. Such lists help restrict non-admin level apps from gaining high-level system access for important tasks. But since that has not been used by Dell, the exposed function control could provide a hacker with such a high-level system access.
However, there is no evidence of anyone abusing the vulnerability as of now. The findings were reported to Dell on December 1 last year. Since then, Dell has released a security update to its customers to address this vulnerability.
Adani Ports to acquire 95% of the Gopalpur Port in Odisha
For ₹13.49 billion, Adani Ports would purchase a 95% ownership in Gopal...
Zoom introduces Workplace to provide AI support during meeting
Zoom Video Communications has announced Zoom Workplace, its AI-powered, op...
22 startups valued above ₹10,000 cr are being run by former
According to Private Circle, around 22 firms founded by former Paytm employ...
Tech Mahindra and IBM to accelerate digital adoption in APAC
Tech Mahindra has announced the opening of a Synergy Lounge, in collabora...
LENOVO GROUP LTD.
FINOLEX INDUSTRIES LTD.
TEJAS NETWORKS INDIA PVT. LTD.
HAVELLS INDIA LTD.
Technology Icons Of India 2023: Debjani Ghosh
Debjani Ghosh is the first woman president of NASSCOM (the umbrella bo...
Technology Icons Of India 2023: Som Satsangi
With more than three decades in the IT Sector, Som is responsible for ...
Technology Icons Of India 2023: Shailendra Katyal
Shailendra is instrumental in Lenovo achieving the no.1 position in PC...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
Leading company into fertilizers in the country
NFL is a dynamic organization committed to serve the farming community...
CERT-IN protecting the cyber security space of India
CERT-In serves in the area of cyber security threats like hacking and ...
SATCOM INFOTECH PVT. LTD.
Satcom Infotech Pvt. Ltd is a distribution houses in security in India...
SUPERTRON ELECTRONICS PVT. LTD.
Supertron deals in servers, laptops, components, accessories and is a...
SONATA INFORMATION TECHNOLOGY LIMITED
Sonata Software Limited is a leading Modernization engineering company...