After Superfish, it is the turn of Dell System Detect - check if you are vulnerable

If you use the Dell System Detect software, cybercriminals can use it to remotely execute their own code on your computer - this is what Malwarebytes warns about on its blog.

The scandal around the Superfish software is behind us. The Korean company Lenovo installed the Superfish application on the computers and laptops it made; its task was to inject targeted advertising. The essence of the problem, and of the affair that followed, was not the ads themselves but the way Superfish delivered them: the ads were injected using the principle of a MITM (man-in-the-middle) attack.

In order to be able to inject a contextual advertisement into an HTTPS connection, it installs its SSL certificate on the client's system (its own CA) and redirects the user's browser traffic. In this way, without the "broken padlock" effect, you can view the content of HTTPS encrypted connections. - niebezpiecznik.pl

The recent reports about Dell are not as serious as in the case of Lenovo, but this is the second such case in a short time, which only strengthens the belief that applications preinstalled by the hardware manufacturer are a bad idea not only because of system performance, but also because of your network security.

Malwarebytes, F-Secure and Tom Forbes

In recent days, Malwarebytes employees have received reports that the Malwarebytes Anti-Malware program identifies older versions of Dell System Detect as an unwanted application - a PUP (Potentially Unwanted Program).

Dell System Detect is a program that runs on Windows computers and tablets and enables better, more personalized customer support. The program automatically detects the service tag of the equipment in use. Dell uses it to look up product information: the system configuration and the end of the warranty period. In addition, Dell System Detect automatically checks whether newer versions of drivers are available and enables remote diagnostics through the Dell.com technical website.

Research conducted by Tom Forbes and experts from the F-Secure laboratory shows that every version of Dell System Detect apart from the latest, 6.0.14, is vulnerable to an attack that allows local programs (ordinary and malicious) to be launched remotely. On the computers of users running F-Secure antivirus software, almost 100,000 Dell System Detect installations were identified, of which less than one percent had been updated to the latest version, 6.0.14.

F-Secure adds that the Dell System Detect application allows local applications to be run, but that its security mechanism was not fully thought out. To prevent abuse, Dell System Detect was supposed to run programs only when the corresponding call came from a Dell server, that is, from a domain containing the string "dell". F-Secure showed that Dell System Detect version 5.4.0.4 did check whether the calling address contained "dell", but that the attack could therefore be carried out from any other domain containing that string, for example "www.notreallydell.com". Dell System Detect 6.0.9 contained a similar error: it accepted sites such as "a.dell.fakesite.ownedbythebadguys.com". The latest version, 6.0.14, accepts only the domain "*.dell.com".
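The three origin checks described above can be compared side by side. This is an added example, not Dell's code or F-Secure's: the function names are hypothetical, each check is only a model of the behaviour the article describes (how 6.0.9 matched is an assumption), and "www.notdell.com" is a constructed test hostname.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased hostname of a URL without a trailing dot ('' if none)."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_substring(url):
    # Model of the 5.4.0.4 behaviour: "dell" anywhere in the hostname.
    return "dell" in host_of(url)

def check_label(url):
    # Assumed model of the 6.0.9 error: a "dell" label anywhere in the name.
    return "dell" in host_of(url).split(".")

def check_suffix(url):
    # Model of the 6.0.14 rule "*.dell.com": the hostname must END with
    # ".dell.com". The leading dot matters: without it "notdell.com" passes.
    return host_of(url).endswith(".dell.com")

# Hostnames quoted in the article, plus one legitimate and one constructed.
SAMPLES = [
    "https://www.dell.com/support",
    "http://www.notreallydell.com/",
    "http://a.dell.fakesite.ownedbythebadguys.com/",
    "http://www.notdell.com/",  # constructed sample
]

def evaluate(urls):
    """Map each URL to (substring, label, suffix) verdicts."""
    return {u: (check_substring(u), check_label(u), check_suffix(u))
            for u in urls}

if __name__ == "__main__":
    print(f"{'substring':>9} {'label':>6} {'suffix':>6}  url")
    for url, (sub, lab, suf) in evaluate(SAMPLES).items():
        print(f"{sub!s:>9} {lab!s:>6} {suf!s:>6}  {url}")
```

Only the suffix check anchored on the registered domain rejects both lookalike hostnames from the article while still accepting www.dell.com.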

F-Secure, Malwarebytes and Dell itself all recommend updating Dell System Detect to the latest version. For our part, we recommend removing the application if you do not use it.


