Written by Tim Starks
Since 2009, vulnerabilities have lurked in Dell drivers that potentially affect hundreds of millions of machines, SentinelOne researchers said on Tuesday.
Hackers could use the vulnerabilities to instigate a range of attacks, from ransomware to wipers that can erase hard drives, said J.A. Guerrero-Saade, principle threat researcher at the security firm.
“They can basically do whatever they want,” Guerrero-Saade told CyberScoop.
Dell released mitigation steps on Tuesday in advance of SentinelOne publishing its research.
Those flaws sitting undiscovered for 12 years is not unheard of, despite a whole industry of security researchers dedicated to weeding out bugs that could abet cyberattacks. A 2017 study found that a quarter of zero-day vulnerabilities remain hidden for more than nine and a half years.
In the case of the Dell flaws, Guerrero-Saade said their dormant nature reflects a “target-rich environment,” especially as it pertains to drivers that allow computers to communicate with hardware. The same phenomenon makes it difficult to access the full scope of the Dell vulnerabilities, he said, but SentinelOne determined the consistent presence of the drivers over the course of 12 years’ worth of equipment.
SentinelOne made its discovery only because a senior security researcher at the company, Kasif Dekel, happened to have a Dell laptop.
“It’s not like somebody gives you a guide and says, ‘These are all the drivers that we load on these machines over this span of time,’” Guerrero-Saade said. “It’s a really opaque environment.”
One thing that makes the vulnerabilities less severe is that attackers would have to have access to an individual device or server. But having access to a server would give a hacker the equivalent power of a system administrator for an organization, Guerrero-Saade said.
“We have seen no evidence this vulnerability has been exploited by malicious actors to date,” said Katie Taylor, a spokesperson for Dell.