Dell denies backdoor claims over ‘insecure autoupdate app’


Dell has denied building backdoors into its hardware after a security researcher discovered an insecure update assistant app. According to Tom Forbes, the Dell Service Tag Detector app is insecure and creates a backdoor on the devices it is installed on.

Forbes also said that the app poses a Remote Code Execution (RCE) risk that would give attackers a means to run malware on vulnerable systems. Attackers could trigger the program to download and execute an arbitrary file without the user’s consent.

“The little ‘Dell Service Tag Detector’ program that they push people to download on the Dell.com website does a lot more than just detect service tags – it gives Dell access to your entire machine, allowing them to download and install software and collect system information without you knowing,” Forbes told El Reg.

The issue was reported to Dell in November. In response to queries from El Reg, Dell issued a statement denying that it ever installed backdoors on the PCs it supplies.

Dell has a long-standing commitment to design, build and ship secure products and quickly address instances when issues are discovered. A key Dell priority is the protection of customer data and information, which is reflected in our robust and comprehensive privacy and information security program and policies. We take very seriously any issues that may impact the integrity of our products or customer security and privacy.

Should we become aware of a possible vulnerability in any of Dell’s products we will communicate with our customers in a transparent manner as we have done in the past.

Dell does not work with any government to compromise our products to make them vulnerable for exploit, including through ‘software implants’ or so-called ‘backdoors’.

Dell’s statement does not address the security concerns that Forbes raises about the Dell Service Tag Detector. Forbes and other security researchers are seeking clarification.

Ehacking Staff