Dell Bios: Multiple vulnerabilities in systems

Dell Bios: Multiple vulnerabilities in systems

Both Dell and the BSI warn of vulnerabilities in some Dell systems that make it easier for attackers to penetrate and damage the system. This vulnerability affects both private and business customers. What to do now?

If you are the owner of a Dell device, we recommend that you first check for available updates. Dell already provides a comprehensive update for most of your devices. If this update is not yet available for your device, be even more careful than you hopefully already are. In concrete terms, this means: don't log into any public networks for the next few days, avoid going to insecure websites and also be extra careful with attachments that come by mail.

But why?

Systems where vulnerabilities have become known are popular targets for attackers. Especially if they are devices like Dell's, which are among the most popular computer brands, not only in Germany, but worldwide. Therefore, it is clear that Dell is rightly concerned about the security of its users - not only to prevent damage to its image, but also to show: although we were fallible and something happened to us, we communicate honestly and transparently and, above all, act quickly.

What can happen when you log into a public network?

The worst thing that can happen is that an attacker imitates a public network. As a concrete example, let's give you the following situation: You are at Munich airport, have checked in your luggage, have passed through the security scanners and are now sitting in the terminal. Boarding for your flight won't start for another 45 minutes, you take your business laptop out of your briefcase to answer e-mails, to work on a PowerPoint presentation for a customer in your office program, and in the digital age, of course, the device needs Internet. Your laptop shows you that there are several wifi spots in its vicinity. Twice you see the following: "Free Wlan Munich Airport" and the requirements for logging in are the same: Name, email address, checkmark read privacy policy, option whether to sign up for a newsletter or not and confirm the information. Now how do you figure out which is the "right" airport wifi? Here lies the devil, literally in the detail: one should make the effort to really look at the texts of the data protection notice. If there are many spelling mistakes or even just some placeholders, like "Lorem ipsum", you have found the "Evil Twin". You can also display the log-in page in different languages, most attackers will not make the effort to store all the languages that the original port can.

Evil Twin - what are the risks?

If you have logged into an Evil Twin, i.e. you have logged into the attacker's wifi, what can happen to you? Well, you hand over a lot of data to an attacker, he can also infect you with malware through the wifi, he can direct you to false, fake websites. As you can see, the possibilities that you can have with an Evil Twin are many-sided and scary. And if a laptop or even a smartphone is not up to date or has vulnerabilities, you are even more vulnerable.

If you have any questions about this topic or have any questions in general in the field of cyber security, please do not hesitate and just write to us via info@qcyberlab.com, we are looking forward to your message.




Contact us now