What is BIOSConnect?

BIOSConnect is a feature in the low-level firmware, the Unified Extensible Firmware Interface (UEFI), of Dell computers that allows users to perform recovery operations and firmware updates over the internet from outside the operating system.
Dell has started releasing BIOS/UEFI updates for the affected models and advises everyone to deploy those updates using alternative firmware update methods, not the impacted feature called BIOSConnect.
The vulnerabilities were discovered by researchers from Eclypsium, a company that specializes in hardware and firmware security, and will be fully disclosed during a presentation in August at the DEF CON security conference. The over-the-internet firmware update and OS recovery feature present in 128 Dell computer models suffers from certificate validation and other flaws that could allow man-in-the-middle (MitM) attackers to compromise the devices at the firmware level and deploy malicious implants.