Dell has been accused of shipping an app so insecure that it gives hackers a backdoor into any device on which it is installed.
Security expert Tom Forbes wrote on his blog that the Dell Service Tag Detector app is so insecure that it creates a backdoor on machines it is installed upon.
He says that the app carries a Remote Code Execution (RCE) risk which, if true, can create a door for hackers to smuggle malware onto the vulnerable system.
"The little 'Dell Service Tag Detector' program that they push people to download on the Dell.com website does a lot more than just detect service tags - it gives Dell access to your entire machine, allowing them to download and install software and collect system information without you knowing," Forbes told El Reg.
"Their security check was pretty much "if 'Dell' is in the referrer then do anything they want", so a hacker could trigger a request from "hacker.com/dell" and it would be verified, meaning they could trigger it to download and run any executable from any web address with no prompts, as well as collecting system information and uploading files from the victim's computer," he added.
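The referrer check Forbes describes can be contrasted with a stricter one. The following is an added example, not code from Dell's app or from Forbes' blog; the function names, the allowlist of hosts and the sample referrers are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: the article does not say which hosts the app should trust.
TRUSTED_HOSTS = {"dell.com", "www.dell.com"}


def weak_check(referrer: str) -> bool:
    """The check as described in the quote: any referrer containing 'dell' passes."""
    return "dell" in referrer.lower()


def strict_check(referrer: str) -> bool:
    """Parse the referrer, then require https and an exact host match."""
    try:
        parts = urlsplit(referrer)
        host, port = parts.hostname, parts.port  # .port raises on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or host is None:
        return False
    # Reject userinfo such as https://www.dell.com@other.example/
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    return host in TRUSTED_HOSTS  # urlsplit already lowercases the hostname


# Constructed sample referrers (HTTP spells the header "Referer").
SAMPLES = [
    "https://www.dell.com/support/home",
    "http://hacker.com/dell",               # the case from the quote
    "https://dell.com.hacker.example/",     # trusted name used as a subdomain label
    "https://www.dell.com@hacker.example/", # trusted name placed in userinfo
    "https://example.org/page",
]


def audit(samples):
    """Return {referrer: (weak_result, strict_result)} for side-by-side comparison."""
    return {r: (weak_check(r), strict_check(r)) for r in samples}


if __name__ == "__main__":
    for ref, (weak, strict) in audit(SAMPLES).items():
        print(f"weak={weak!s:5} strict={strict!s:5} {ref}")
```

Even the strict form only narrows which pages can trigger a request: the referrer is supplied by the client, so it is not a substitute for authenticating the request or verifying what is downloaded.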
In response to queries, Dell issued a statement denying that it ever installed backdoors on PCs it supplies.
“Dell has a long-standing commitment to design, build and ship secure products and quickly address instances when issues are discovered. A key Dell priority is the protection of customer data and information, which is reflected in our robust and comprehensive privacy and information security program and policies. We take very seriously any issues that may impact the integrity of our products or customer security and privacy.
Should we become aware of a possible vulnerability in any of Dell’s products we will communicate with our customers in a transparent manner as we have done in the past.
Dell does not work with any government to compromise our products to make them vulnerable for exploit, including through ‘software implants’ or so-called ‘backdoors.’”