PSA: Those who own a Dell computer may want to check to be sure they are running the latest version of SupportAssist (version 220.127.116.11). A vulnerability was recently discovered that could leave the system open to ARP spoofing and RCE attacks. Those using the app should install the patch immediately.
Laptops, tablets, and computers installed with the Dell SupportAssist app could be exposed to Remote Code Execution (RCE) attacks. SupportAssist monitors and detects issues with the system, automatically downloads and installs needed drivers, and can start a support ticket with Dell. Support technicians can then call the user to diagnose and fix problems.
According to 17-year-old Bill Demirkapi, a self-proclaimed security researcher, SupportAssist has flaws (CVE-2019-3718 and CVE-2019-3710) that can allow attackers using address resolution protocol (ARP) spoofing to execute RCE exploits. After luring the user to a malicious webpage, the hacker can add the targeted computer to a botnet, install ransomware or any other type of malware, or steal the user's data.
The attacker does have to be on the same network as the targeted system, which is some consolation. However, it makes places with a hotspot like coffee shops a prime location for the attack. Demirkapi made a video demonstrating the exploit (above).
Dell was made aware of the security hole and issued a patch last month on April 23. However, as a pre-installed, third-party application — often referred to as "bloatware" — its updates are likely ignored by many users. SupportAssist only comes pre-installed with computers shipped with Microsoft Windows. Dell computers with Linux or no OS are not impacted.
To ensure they are not at risk, Dell customers should update to SupportAssist v18.104.22.168, which is available from the company's support website. Users may also choose to uninstall the app if they don't feel they need it.