Security researchers have released details about two vulnerabilities in the Western Digital and SanDisk SSD Dashboard applications.
Exploiting the first of them allows an attacker to run arbitrary code on the user's computer.
Both applications are utility tools that help users monitor the performance of their SSDs, as well as diagnose problems and collect troubleshooting information.
“Using a network capture running on the same computer as the app, it was clear that the application uses HTTP instead of HTTPS for communication with the SanDisk site.”
When Dashboard makes a request for available updates it receives an XML file with the latest version number available for the utility.
An attacker intercepting the update request could change the release version, which triggers the update process. By providing an IP address for the hosting server, an attacker could push malware to the victim's system and execute it.
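To show what a hardened version of this update flow checks, here is a small Python update-check client added as an example; it is not code from the article or from Western Digital. The XML layout, the vendor host name and the sample payload are constructed assumptions, since the page does not reproduce the real manifest. The client only accepts a download that stays on HTTPS, on an allowlisted vendor host (a bare IP address is rejected), and whose bytes match the digest pinned in a manifest that itself arrived over TLS.

```python
import hashlib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAMPLE_PAYLOAD = b"constructed installer bytes, not a real update"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()

# Constructed manifests. The real Dashboard XML layout is not given on the
# page, so this minimal <update> shape and the vendor host are assumptions.
GOOD_MANIFEST_XML = f"""<update>
  <version>3.2.1</version>
  <url>https://updates.example-vendor.invalid/SSDDashboard-3.2.1.exe</url>
  <sha256>{SAMPLE_SHA256}</sha256>
</update>"""

# The page's scenario over plain HTTP: bumped version, download from a bare IP.
TAMPERED_MANIFEST_XML = """<update>
  <version>9.9.9</version>
  <url>http://198.51.100.7/SSDDashboard-9.9.9.exe</url>
</update>"""

TRUSTED_HOSTS = {"updates.example-vendor.invalid"}  # assumed allowlist

def parse_manifest(xml_text):
    root = ET.fromstring(xml_text)
    return {field: root.findtext(field) for field in ("version", "url", "sha256")}

def version_tuple(text):
    return tuple(int(part) for part in text.split("."))

def evaluate_update(manifest, current_version, trusted_hosts=TRUSTED_HOSTS):
    """Return (accept, reason). The manifest must have arrived over TLS for the
    pinned digest to mean anything; these checks then keep the download there too."""
    if version_tuple(manifest["version"]) <= version_tuple(current_version):
        return False, "no newer version"
    parsed = urlparse(manifest["url"])
    if parsed.scheme != "https":
        return False, "download URL is not https"
    if parsed.hostname not in trusted_hosts:
        return False, "download host not in allowlist"
    if not re.fullmatch(r"[0-9a-f]{64}", manifest["sha256"] or ""):
        return False, "manifest has no usable sha256"
    return True, "ok"

def verify_download(payload, expected_sha256):
    # Compare the fetched installer against the digest pinned in the manifest.
    return hashlib.sha256(payload).hexdigest() == expected_sha256
```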
Rakhmanov found the second bug after dumping strings from the main binary file, SanDiskSSDDashboard.exe.
One of the strings caught his eye and prompted an investigation into where it was used. It turned out that the string was a hardcoded password used for encrypting report information.
The password is the same for every installation, so an attacker intercepting the report could read all the data included, which could be personally identifying information or some other type of confidential details.