Solved

Uncommanded BIOS upgrade

Posted on 2014-01-29
2
341 Views
Last Modified: 2016-11-23
I have a fairly new Dell Latitude E5530 laptop.  It's never been used by anyone.  We had purchased it for a specific project and then that project was cancelled.

I was using it a week or so ago to diagnose our new Internet connection.  We had a new ISP and I was having trouble getting the new connection to work with our firewall.  While talking with the ISP's tech support they asked me to grab a laptop and plug it in directly to the modem...which I did.  I was concerned about connecting it directly to the Internet but I was diligent about not leaving it connected for more than a few minutes at a time.  After each test was completed I would unplug it from the modem while awaiting further instructions from the ISP tech.

At some point, the screen went black.  At first I thought it had shut down due to a depleted battery issue.  But then I could see it came back on and started booting.  The next thing I knew it appeared it was performing a BIOS upgrade.  Now I am concerned about whether it's safe to connect this system to our LAN and expose our network to possible malicious software embedded in the BIOS.

Do some Dell systems perform uncommanded BIOS upgrades???

Should I restore it to factory settings?  I'm not sure doing that will help if the BIOS has been compromised.
0
Comment
Question by:Kerry Wilson
2 Comments
 
LVL 70

Accepted Solution

by:
garycase earned 500 total points
Comment Utility
Restoring to factory settings won't have any impact on the BIOS.

The downloadable Dell BIOS updates work very nicely -- you just run them & they reboot the system and do the upgrade.

HOWEVER ... they do NOT do this unattended.    If you didn't do it ... and nobody else did either; then something is definitely "fishy."

I'd download the current Dell BIOS for that laptop (A13) -- on a different system;  then copy it to that laptop via a USB flash (NOT via network);  then run the update.   Let it replace the current BIOS -- even if it's already A13 -- and then you can be confident that you have the correct BIOS.

You may then want to do a factory restore, just to ensure the OS is also "pristine".

Did you by any chance allow the factory tech to control the laptop while you were working on it??     If so, it's probably likely that he did the BIOS upgrade and it simply installed the next time you rebooted.    But it certainly won't hurt to be diligent and both re-flash the BIOS and restore the OS to its factory state.
0
 

Author Comment

by:Kerry Wilson
Comment Utility
A local network admin I know suggested the factory settings resolution.  Thank you for confirming that won't help if the BIOS has been compromised.  I'm sure he didn't think about that and I didn't think to ask him.

The ISP tech was not controlling the laptop.  We were just using it to confirm he could "see" it connected to the modem and could ping it.

I will take your suggestion and re-flash the BIOS using the procedure you outlined.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

As hardware bugs go, this is a strange one! I upgraded a laptop in December 2011 with a 512GB Crucial m4 2.5-inch/9.5mm SATA Solid State Drive (SSD), Crucial part number CT512M4SSD2: http://www.crucial.com/store/partspecs.aspx?IMODULE=CT512M4SSD2 …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now