Well-known security company SafeBreach Labs in California has revealed that many Windows 10 computers are at risk of being hacked by a manufacturer. The vulnerability lies on PC-Doctor Systembox analysis software installed on many devices. In particular, notable to mention the world’s largest computer company Dell, subsidiary Alienware, Staples and Corsair.
Dell alone shipped nearly 60 million computers last year. The company said PC-Doctor Toolbox is customized as SupportAssist available on most products sold.
Dell computers are at high risk of malicious code infection because the software is preinstalled. Photo: Dell.
On March 29, SafeBreach detected a serious error that allowed hackers to change the DLL to inject malicious code into the computer, thereby completely controlling the system. Dell later confirmed and released a patch at the end of last month.
SupportAssist is a software for diagnosing system hardware health status. Therefore, it has access to physical memory, PCI, SMBios and many other sensitive details. When injecting malicious code into this tool, hackers clearly have many opportunities to control user computers.
The affected module on SupportAssist is a version of PC-Doctor Toolbox. It is also found on devices from other manufacturers such as Corsair, Staples or Tobii. Although the parties have been actively looking for solutions, they cannot solve the problem.
SafeBreach has just discovered more similar cases. Windows 10 users didn’t know they were in danger because they believed using the original software of the manufacturer.
Hackers can “inject” malicious code into DLL files. Photo: Safebreach.
Forbes recommends that customers when purchasing new computers need to check the default programs. If you are not technically savvy, you can ask someone to support you, or go to a specialized store to remove unnecessary software.
Microsoft cannot interfere with the manufacturer’s original software installation process. This makes Windows inherently many problems become less secure.
Redmond giant has pledged its commitment to “control, quality and transparency” after many scandals, but it seems that it is not enough.
Recently, the US National Security Agency (NSA) issued a notice calling for people to upgrade to the latest Windows 10 to avoid security errors. Accordingly, older versions like Windows 7 and Vista and XP appear to have a serious Bluekeep vulnerability on the Remote Destop Services service.
It was compared to the 2017 WannaCry malicious attack that left many companies around the world paralyzed and hurt billions of dollars.