Uploaded by Edwin Cluster

Dell Vulnerability How to Prevent Remote Hacking Activity

G’ SECURE LABS
25 Jul 2019
security@gsecurelabs.com
www.gsecurelabs.com
Do you ever wonder about the pre-built software on your computer? What happens if it
affects your security? What is the worst-case scenario? A pre-installed piece of software on your
computer can pose a serious security risk. Let us understand this through a recent example of the
Dell breach. Dell is a well-known technology company dealing in hardware and software systems.
Dell is an American multinational computer technology company whose core expertise is in
hardware and software. It is a global company that designs, develops, and manufactures personal
computers (PCs) and a variety of computer-related products.
Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer
system's hardware and software. The purpose of having this utility on the system is to:
- Interact with the Dell Support website and automatically detect the Service Tag or Express
  Service Code of your Dell product
- Scan the existing device drivers and install missing or available driver updates
- Perform hardware diagnostic tests
Bill Demirkapi, a young (17-year-old) independent security researcher, discovered a critical
remote code execution vulnerability in the Dell SupportAssist utility.
Now, how does Dell SupportAssist actually work? It runs a web server locally on the user's system,
using one of the ports 8884, 8883, 8886, or 8885. It accepts various commands as URL
parameters to perform some predefined tasks on the computer. These tasks include activities
like collecting detailed system information or downloading software from a remote server and
installing it on the system.
“An unauthenticated attacker, sharing the network access layer with the vulnerable system,
can compromise the vulnerable system by tricking a victim user into downloading and
executing arbitrary executable via SupportAssist client from attacker hosted sites,”
Multinational computer technology company Dell said in an advisory.
However, our next-gen cyber security services can prevent the above-identified ARP attack
through a detection and remediation process based on IOC and IOA. By analyzing the digital
footprint, we can prevent such attacks using digital forensic and fraud management
techniques. As far as an enterprise network infrastructure is concerned, we can:
1. Automate the threat correlation system and prevent attacks using AI-driven threat intel
and behavioral analysis.
2. Find such attacks using a proactive threat hunting service (security analytics to detect
unknown and hidden threats).
3. Monitor network devices and endpoint devices to find the risks in the environment.
4. Block threats in the environment using IOC / IOA.
After learning of the issue, Dell has patched an improper origin validation vulnerability
(CVE-2019-3718) in the SupportAssist software. This helps protect its users from CSRF
(Cross-Site Request Forgery) attacks on their systems.
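The following is an added example, not code from the original page or from Dell, showing strict origin validation for a local command service like the one described above, next to a flawed check for contrast. The page does not say how SupportAssist's check failed; the weak check, the placeholder host support.vendor.example and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the single web origin allowed to drive the local agent.
# Placeholder host; the page does not name the real support-site origin.
ALLOWED_ORIGINS = {("https", "support.vendor.example", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def weak_origin_check(origin):
    """Illustrative flawed check: substring match on the trusted host name."""
    return origin is not None and "support.vendor.example" in origin


def parse_origin(origin):
    """Return (scheme, host, port) for a well-formed Origin header, else None."""
    if not origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    # An Origin value is scheme://host[:port] only: no path, query or userinfo.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname, port or DEFAULT_PORTS[parts.scheme])


def strict_origin_check(origin):
    """Exact match on scheme, host and port against the allowlist.

    Plain http is never allowlisted: someone on the same network segment
    can impersonate an unauthenticated http origin.
    """
    return parse_origin(origin) in ALLOWED_ORIGINS


def handle_command(headers, command):
    """Decide whether the local agent acts on a request (missing Origin is refused)."""
    if not strict_origin_check(headers.get("Origin")):
        return (403, "origin rejected")
    return (200, "accepted: " + command)
```

Origin checking is one layer only; a local service that installs software should also authenticate the caller and verify the signature of anything it downloads.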
Global HQ
Maria Montessorilaan 5, 2719 DB Zoetermeer,
The Netherlands
India Headquarters
B/81, Corporate House,
Judges Bunglow Road,
Bodakdev, Ahmedabad - 380054. India.
Pune Office
103, Pride House, 1st Floor,
S. No. 108/7, Pune University Road,
Pune- 411016, India.
Phone : +91 79 2685 2554 / 55 / 56
E-mail : hello@gsecurelabs.com
Confidentiality Clause:
This document and any files with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
If you are not the intended recipient, please destroy all copies of the document. Any unauthorized review, use, disclosure, dissemination,
forwarding, printing or copying of this document or any action taken in reliance on this document is strictly prohibited and may be unlawful.
Copyright © Gateway Group