This article has been indexed from CSO Online
The over-the-internet firmware update and OS recovery feature present in 128 Dell computer models suffers from certificate validation and other flaws that could allow man-in-the-middle (MitM) attackers to compromise the devices at the firmware level and deploy malicious implants. The vulnerabilities were discovered by researchers from Eclypsium, a company that specializes in hardware and firmware security, and will be fully disclosed during a presentation in August at the DEF CON security conference.
Dell has started releasing BIOS/UEFI updates for the affected models and advises everyone to deploy those updates using alternative firmware update methods, not the impacted feature called BIOSConnect.
Read the original article: Flaws in Dell’s over-the-air device recovery and update impacts millions of devices