Eclypsium security researchers have identified a chain of four flaws that allows remote control of 129 models of Dell PCs, laptops and tablets. These include both professional and consumer devices. In total, this represents more than 30 million devices worldwide.
The first flaw is in BIOSConnect, an online service that automatically downloads UEFI firmware updates over an HTTPS/TLS connection.
Unfortunately, its certificate verification is flawed. An attacker on the same local network can intercept the traffic, impersonate Dell's servers, and deliver tampered updates. The other three flaws are in the UEFI update and system recovery procedures. They are buffer overflows and allow arbitrary code execution at the firmware level.
By chaining the first flaw with the other three, an attacker can take complete control of a device. Fortunately, fixes are already available from Dell.
However, Eclypsium recommends against installing them automatically, since doing so may rely on the vulnerable BIOSConnect service. It is better to download and install them manually.
Source: Eclypsium