Eclypsium, a security company focused on hardware and firmware, has released a public report after responsibly disclosing multiple vulnerabilities in the BIOS for Dell devices. Dell’s BIOSConnect feature, allowing for emergency network-based recovery in the case of a disk failure, is vulnerable to a Man-in-the-Middle (MitM) attack. Impersonating the official backend server could allow an attacker to send a malicious firmware update to the vulnerable system. Eclypsium currently estimates that 129 Dell laptop, tablet and desktop models are vulnerable to this type of attack, affecting roughly 30 million devices.
Analyst Notes
With BIOS-level access, an attacker could persist even after an operating system re-installation. Although MitM attacks can be difficult to pull off, they aren’t impossible and attacks against devices like VPN appliances which control the flow of network traffic are becoming commonplace. Binary Defense highly recommends following the advice given by Dell and updating the BIOS without the use of the BIOSConnect feature. A list of affected models and instructions on updating the BIOS can be found in Dell advisory DSA-2021-106.
Source: https://eclypsium.com/2021/06/24/biosdisconnect/