Dell's BioConnect firmware has multiple major security flaws that left 30 million users vulnerable to cyberattacks.
MIAMI, FL - FEBRUARY 05: A customer looks at a Dell computer on display at the Electric Avenue store on February 5, 2013 in Miami, Florida. Dell Inc. today announced it will be taken private in a deal valued at about $24.4 billion. The company will be acquired by Dell founder and Chief Executive Michael S. Dell and global technology investment firm Silver Lake and Microsoft Corp. will invest $2 billion in the deal.
Security firm Eclypsium released a study revealing that 128 Dell computers, varying from laptops, desktops, and even tablets, are susceptible to being accessed by criminal minds.
According to Wired, firmwares have been opening vulnerabilities to cyber attackers for years. It comes as the foundational computer program does not receive constant security patches. Thus, security flaws sit alongside it for a long time.
With that, the user's devices could be accessed entirely without them noticing.
Dell BioConnect Bug Security Flaw
The security flaw persists even after installing a system that is meant to ease the vulnerability of firmware, such as Microsoft Secured-core PC protections.
Principal analyst of Eclypsium, Jesse Michael, told Wired that the flaws found on the BioConnect are simple to infiltrate. He further likened the process of exploiting it to traveling back to the 90s, wherein softwares are generally easy to hack.
Michael even noted that the application and operating systems have been leveling up their security features rapidly. However, firmware features are not subscribing to the standards that the two have set.
Its extent has led to Microsoft warning other businesses to upgrade the security of firmware as attacks flood.
Dell BioConnect: What is it?
Dell's BioConnect is part of the pre-installed SupportAssist feature of their Windows devices. It primarily helps in troubleshooting issues that the computer experiences.
Meanwhile, the BIOSConnect served as a recovery tool when the operating system is corrupted. Also, it provided updates for Dell's firmware. Update mechanisms such as these are the common targets of attackers as they can easily plant malware through it.
Both features connect to the cloud system of Dell. However, with this mere process alone, it has birthed multiple security flaws.
Dell BioConnect Four Security Flaws
The researchers have found four vulnerabilities that could lead to attacking an individual's device. The hackers will only need a single target. Then, they could remotely access a device through its firmware.
Although the security flaws did not pave the way for planting malware on a large scale, criminal minds could use it to attack one user at a time.
Furthermore, the absence of monitoring of the firmware could benefit the hackers to be undetected.
Read Also: Windows 10 Upgrade Camera Issue on Dell PCs: Here's What Causes Cam's Problem and How to Fix It
Dell BioConnect: How to Fix?
Dell said that users with auto-updates turned on will automatically get the quick fix of the security flaw. The company vowed to release an update within the day.
Otherwise, users will have to disable the BIOSConnect feature by accessing the BIOS setup page by following these steps.
- Press F2 upon turning on the laptop of the computer
- Click Update
- Select Recovery
- Press BIOSConnect
- Then, click Switch to Off.
Elsewhere, Dell is planning to expand its hybrid cloud services in Thailand.
Related Article: Dell G15 Ryzen Gaming Laptop Brings Back AMD After a Decade; Expected to Sell at $899.99 on May 13
This article is owned by Tech Times.
Written by Teejay Boris
