30M Dell Devices at Risk for Remote BIOS Attacks, RCE
2021-06-24 10:00

A series of four high-severity vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said.

BIOSConnect lets the system's BIOS reach out over the internet to Dell's backend HTTP services in order to perform a remote firmware update or system recovery.

An attacker with a privileged network position can intercept that connection, impersonate Dell and deliver attacker-controlled content back to the victim device.

"Machine-in-the-middle attacks are a relatively low bar to sophisticated attackers, with techniques such as ARP spoofing and DNS cache poisoning being well-known and easily automated," according to the report.

"Additionally, enterprise VPNs and other network devices have become a top target of attackers, and flaws in these devices can allow attackers to redirect traffic. And finally, end-users working from home are increasingly reliant on SOHO networking gear. Vulnerabilities are quite common in these types of consumer-grade networking devices and have been exploited in widespread campaigns."

The groundwork required to carry out such an attack is likely a worthwhile tradeoff for cybercriminals, given that a successful compromise of a device's BIOS would let attackers establish ongoing persistence while controlling the highest privileges on the device.

