Explore the hidden security risks of pre-installed software in a 34-minute conference talk from Recon 2019. Delve into the world of "bloatware" and its potential for Remote Code Execution and Local Privilege Escalation vulnerabilities. Examine specific cases involving Dell's "SupportAssist" and Lenovo's "Service Bridge" driver update tool, uncovering critical security flaws that affected millions of users. Analyze the delicate balance between user convenience and system security, gaining insights into the often-overlooked dangers lurking in third-party software that comes bundled with new PCs. Learn about the discovery process and implications of these vulnerabilities, expanding your understanding of potential attack vectors beyond just operating system weaknesses.
Overview
Syllabus
Recon 2019 - The Unseen Dangers of Bloatware by Bill DemirKapi
Taught by
Recon Conference