Flaw in Dell Software Leaves Computers Vulnerable to Hacks

Flaw in Dell Software Leaves Computers Vulnerable to Hacks

Owners of Dell laptops might want to dust off the company’s bundled software update tool. There’s a critical update addressing a flaw that could allow an attacker to take over your system simply by sending you to a compromised website. Amusingly, the bug is in Dell’s own remote support tool that is supposed to help the company fix your laptop. In this case, it’s breaking things. That’s only slightly less bizarre than Asus pushing malware with its support tools.

The attack relies on tricking a user into visiting a particular website configured by the perpetrator. There, custom JavaScript fools the Dell software into running files of the attacker’s choosing. Someone could use this to steal data, install ransomware, or add the computer to a botnet. You can see a demo of the vulnerability in the video below.

There is at least a shred of good news. Your system is only vulnerable if the attacker is on the same local network where they can use ARP Spoofing. That’s not exactly an insurmountable task. Public Wi-Fi networks are a prime target, as are large corporate networks where someone can quietly plug in and launch an attack. A remote attacker may also be able to fool the SupportAssist tool by compromising a user’s router.

Dell issued the patch on April 23, but many users are probably conditioned to ignore popups and alerts from Dell’s bundled software — it’s usually not important. This is one of those times when you really need to update, though.

To its credit, Dell responded to the report by Demirkapi and took quick action to patch the vulnerability. SupportAssist v3.2.0.90 is available as a direct download on Dell’s site as well as a push installation via the company’s bundled software.

Continue reading

NASA’s Mars Helicopter Remains Grounded Awaiting Software Fix
NASA’s Mars Helicopter Remains Grounded Awaiting Software Fix

NASA previously said the Ingenuity helicopter would take to the Martian skies over the weekend, but the agency announced late Friday that liftoff was delayed until at least April 14 because of a software issue.

Software Bug Delays Ingenuity Helicopter’s 4th Mars Flight
Software Bug Delays Ingenuity Helicopter’s 4th Mars Flight

This appears to be the same issue that caused the delay in Ingenuity's first flight timeline. NASA says it's planning to try this one again today, and we should know in a few hours whether or not it was successful.

OnePlus Confirms No OnePlus 9T in 2021, New Android Software Coming
OnePlus Confirms No OnePlus 9T in 2021, New Android Software Coming

OnePlus has announced that it's not doing a T-series update to the OnePlus 9. The next time OnePlus releases a phone, it'll be running a new version of Android that replaces the current Oxygen OS.

VW Software Conveniently Helps Drivers Cheat Emissions Tests, Again
VW Software Conveniently Helps Drivers Cheat Emissions Tests, Again

The software tricks emissions tests into thinking the vehicle is coughing out as little as one-fifteenth the amount of nitrogen oxide it really is.