New Dell Private Key Vulnerability Discovered by LMG Security Researcher
Missoula, MT – August 10, 2023 – LMG Security, an internationally recognized cybersecurity consulting firm, has discovered a new vulnerability involving a Dell static encryption key. Any adversary with access to Dell Compellent software can use this key to decrypt the administrative credentials for VMware’s vCenter and leverage this access into a complete takeover. This type of vulnerability can easily be used in a zero-day attack. Discovered by Tom Pohl, LMG Security’s penetration testing team manager, the information on this Dell private key vulnerability is being released at Pohl’s DEFCON session, “Private Keys in Public Places.”
“Attackers are looking for private keys,” said Tom Pohl, penetration testing team manager at LMG Security. “While we were doing a penetration test, I discovered a static AES encryption key within Dell’s Compellent Integration Tools for VMware (CITV). Once I retrieved the AES key, I was able to use it to decrypt the vCenter administrative credentials and gained complete access over their VMware environment.”
“This key is the same for EVERY customer!” Pohl continued. “If a criminal leverages this Dell private key vulnerability, they could use it against any of Dell’s customers. Firmware and software binaries are littered with private keys that are hidden but not necessarily secured. We need to raise awareness of the risks stemming from this attack vector.” This discovery was reported to Dell with the standard 90-day window to fix the issue before this announcement. The public can also download a copy of Pohl’s DEFCON slides with more information on this and other private key vulnerabilities.
Pohl says that if criminals find old, private keys for many firmware devices, they can use them to breach the systems of a wide array of organizations. From there, they can expand their access and privileges to take control of the victims’ networks. Software vendors should take steps to secure these private keys, and organizations should always be vigilant about checking the security controls used by their current and prospective suppliers. Pohl also recommends organizations conduct penetration testing at least annually, so expert white hat hackers can identify your security gaps before an attacker breaches your environment. Please visit LMGsecurity.com for more information on LMG Security’s penetration testing or advisory services.
ABOUT LMG Security
LMG Security is an internationally recognized leader in the cybersecurity consulting industry. This full-service cybersecurity firm provides one-stop shopping for a wide array of cybersecurity services. Specializing in penetration testing, advisory and compliance services, cybersecurity solutions, and training for more than a decade, the LMG Security team’s services were featured on the Today show. In addition, the team has published cutting-edge research on cell phone intrusion detection and banking Trojans, written books on ransomware and cyber extortion, network forensics, and data breaches, and routinely speaks or trains at Black Hat, RSA and many other security conferences. LMG Security is privately held and headquartered in Missoula, Montana. For more information visit LMGsecurity.com.