I just got a telephone call from a service scheduler informing me that the replacement R410 motherboard I received several weeks ago contains spyware in its embedded systems management firmware, and wanting to schedule an additional service call for a tech to come clean it off.
Unfortunately since the person calling was non-technical, she was unable to provide a lot of details. But I do believe the call to be legitimate as she had the service tag of one of my systems which did indeed receive a motherboard replacement recently.
Does Dell have an official article documenting this issue and laying out further details and the potential risks? Obviously it causes me grave concern be informed of a vulnerability but not have all of the technical details, especially when they asked to be able to schedule the service call to resolve the issue at least ten business days in the future.
My name is Daisy Nguyen. I'm the IT Director for the Computer Science Department in Columbia University. We have nearly one hundred R410 servers for research computation. Professor Sethumadhavan in our department forward the infected motherboard information to me and ask if we can get a loan from Dell for one of this motherboard for us to study it. Prof. Sethumadhavan's group works on securing hardware systems. They have recently published ground-breaking work on securing CPUs from malicious attacks (www.theregister.co.uk/2010/05/12/tamper_evident_microprocessor/) Information regarding the motherboard malware, injection/spreading techniques, and other technical/social aspects of the injection will be valuable to researchers working in the area of hardware security at Columbia under Prof. Sethumdahavan's guidance, and also to the broader secure hardware research community (Bike Online Shop Fahrradteile & Bike Parts Bike Parts). We will happily acknowledge Dell in research publications that may result from analysis of the motherboard and/or any defenses developed to protect these motherboards. Could you please look into this for us or provide a name of someone in Dell organization who we can contact regarding this. My contact information is listed below.
Thank you for your help,
Director, Computing Research Facilities
Computer Science Department
Maybe you should try to use the contact form!
Interesting. Definitely gotta say someone other than a customer service rep should be looking into this call. And I do customer service myself at shakeology! Typically we usually pass these tasks up the chain to management and they will reach out to you, I hope Dell does the same.