DELL brand computers are facing a serious security problem
Ironically, the problem has existed for the past 12 years but was only discovered recently. The report on its discovery, dated 04 May 2021, reads as follows:
Dell desktops, laptops, and tablets built since 2009 and running Windows can be exploited to grant rogue users and malware system-administrator-level access to the computers. We're told this amounts to hundreds of millions of machines that can be completely hijacked.
This is made possible by five security vulnerabilities in Dell's dbutil_2_3.sys driver, which it bundles with its PCs. These are grouped under the label CVE-2021-21551, and they can be abused to crash systems, steal information, and escalate privileges to take total control. These programming blunders can only be exploited by applications already running on a machine, or a logged-in user.
"While we haven't seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action," warned Kasif Dekel, a senior security researcher at SentinelOne who helped find the holes.
The flaws are within Dell's firmware update driver, and are fairly simple to abuse. Essentially, Dell's driver accepts system calls from any user or program on a machine; there are no security checks nor an access control list to see if the caller is sufficiently authorized or privileged. These system calls – specifically, IOCTL calls – can instruct the kernel-level driver to move the contents of memory from one address to another, allowing an attacker to read and write arbitrary kernel RAM. At that point, it's game over: the machine can be commandeered at the operating-system level, a rootkit installed, and so on.
The driver even allows anyone to make x86 I/O port reads and writes, granting access to the underlying hardware. In all, there are two memory corruption bugs, two instances of a lack of input validation, and one logic error – some are relatively easy and some tricky to exploit in practice. The SentinelOne team demonstrated a proof-of-concept attack on video, and aren't releasing any exploit code until June 1 to allow time to patch.
"Allowing any process to communicate with your driver is often a bad practice since drivers operate with the highest of privileges; thus, some IOCTL functions can be abused 'by design,'" they noted.
Dell has emitted a patched driver, and accompanying FAQ on the issue, after the bug hunters reported the flaws in December. The fix will also be pushed out from May 10.
"Dell has remediated the dbutil driver and has released firmware update utility packages for supported platforms running Windows 10, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent and Dell Platform Tags," the computing behemoth said.
"For supported platforms on Windows when you install a remediated package containing the BIOS, Thunderbolt firmware, TPM firmware, or dock firmware; or update Dell Command Update, Dell Update, or Alienware Update; or install the latest version of Dell System Inventory Agent or Dell Platform Tags."
The infosec researchers note Dell hasn't rescinded the code-signing certificate for the insecure Windows driver yet. We've asked Dell if or when this is likely to occur and will update you accordingly.
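The article describes a driver that is dropped onto disk by Dell's update utilities and whose signing certificate was still valid at the time of writing. The following PowerShell inventory check is an added example, not code from the article, Dell or SentinelOne: it reports copies of dbutil_2_3.sys on disk, who signed them, and whether the kernel service is registered or running. The search folders and the service name 'DBUtil_2_3' are assumptions; adjust them to your environment.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article, Dell or SentinelOne): inventory check for the
# vulnerable Dell driver named in the article. The search roots and the service name
# below are assumptions about where update utilities drop the file; adjust as needed.

$DriverFile  = 'dbutil_2_3.sys'
$ServiceName = 'DBUtil_2_3'                      # assumed kernel service name
$SearchRoots = @("$env:SystemRoot\Temp", "$env:SystemDrive\Users")   # assumed drop folders

# 1. Every copy left on disk matters: an installer running as admin can load it again,
#    so all copies are reported, not only the one currently registered.
$copies = foreach ($root in $SearchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Filter $DriverFile -Recurse -File -Force `
            -ErrorAction SilentlyContinue
    }
}

# 2. Signature check. The article notes Dell had not revoked the signing certificate,
#    so a 'Valid' status does NOT mean the file is safe; it only tells you who signed it.
$copyReport = foreach ($f in $copies) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        SHA256    = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        SigStatus = $sig.Status
        LastWrite = $f.LastWriteTimeUtc
    }
}

# 3. Is the kernel service registered, and is the driver loaded right now?
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$ServiceName'" `
    -ErrorAction SilentlyContinue

[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    CopiesOnDisk     = @($copyReport).Count
    DriverRegistered = [bool]$drv
    DriverRunning    = [bool]($drv -and $drv.State -eq 'Running')
    Details          = $copyReport
} | Format-List
```

The script only reports; removal of the driver and installation of the remediated package should follow Dell's FAQ referenced in the article.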
This clearly sends us the message that the use of mobile phones, the various apps, computers, the internet or anything related to IoT is only truly secure without an internet connection. Your important data should therefore be kept on a device that has no internet access.
Who knows what other security problems affect the various brands and have still not been discovered to this day, or will not be in the years to come, while many students, workers and individuals depend heavily on internet access.
The security of your data is not only a matter between countries; even within your own country, every individual needs to make sure their data cannot be accessed by a second party. Your data is recorded in many forms, including the following:
- Text
- Images
- Audio
- Video
- Coordinates
- Time
- Location
- Date
- Contacts
- Calendar
- Reminders
- Bluetooth
- Local network
- Microphone
- Speech recognition
- Camera
- Health
- Research Sensor & Usage Data
- HomeKit
- Media & Music
- Files & Folders
- Motion & Fitness
- Frequency of use
- Duration of use
- Fingerprint