Critical vulnerability found in HP & Dell laptops affects millions of enterprises

Reports on the detection of new vulnerabilities are constantly appearing, affecting multiple commonly used and specialized technology developments and products. One of the most recent vulnerability testing reports refers to the way some laptops use memory, a feature that could be abused by hackers to execute malicious code on the target system.

These flaws are based on Direct Memory Access (DMA), a processing efficiency approach found in most modern laptops. This feature allows users to read and write directly to the device’s memory, optimizing the function of hardware components and the use of peripheral devices, although it exposes memory to a large number of attacks.

Although the industry established as standard practice the manufacture of trusted hardware, these measures have not yet become widespread in the laptop market, which poses a serious security threat to users. Recently, a vulnerability testing team from firm Eclypsium released a report detailing a method to abuse this feature on two different laptops, manufactured by HP and Dell.

One of the most serious features regarding this report is the ability to trigger these attacks by simply connecting a peripheral device to the potentially vulnerable computer.

For example, on the attack laptop (model XPS 13), the researchers managed to abuse a default BIOS configuration that enabled some modules for the use of the Thubderbolt interface, connected via USB to the target device, to inject code malicious in the boot process. The vulnerability was tracked as CVE-2019-18579; Dell released a BIOS update for remediation. 

On the other hand, on the analyzed HP laptop (model ProBook 640 G4) vulnerability testing experts had to open the machine, since this model has a feature that prevents unauthorized code injection at startup.  The complexity of this attack is greatly increased by the need for physical access and knowledge about the physical structure of the device.

After opening the laptop, the experts replaced the M.2 wireless card with a XIlinx SP605 FPGA development platform, which was later connected to an attacking machine. This attack depends on modifying the system memory during the boot process, bypassing the pre-installed security features on the device. HP also fixed this flaw through a BIOS update.

It is highly likely that other options in the laptop market will also be vulnerable to these attacks, so manufacturers are advised to monitor potential attack campaigns and prepare security updates as soon as possible.