A wide range of vulnerabilities affects millions of Dell laptops used by government agencies, cybersecurity professionals, and enterprises worldwide.<\/p>\n
The vulnerabilities, collectively dubbed \u201cReVault,\u201d target the Broadcom BCM5820X security chip embedded in Dell\u2019s ControlVault3 firmware, creating opportunities for attackers to steal passwords, biometric data, and maintain persistent access to compromised systems.<\/p>\n
The vulnerabilities affect more than 100 different models of Dell laptops, primarily from the business-focused Latitude and Precision series that are widely deployed in sensitive environments.<\/p>\n
These devices are commonly found in cybersecurity companies, government facilities, and rugged deployments where enhanced security features like smartcard and NFC authentication<\/a> are essential.<\/p>\n Dell ControlVault serves as a \u201chardware-based security solution that provides a secure bank that stores your passwords, biometric templates, and security codes within the firmware,\u201d according to the company. <\/p>\n The system operates on a separate daughter board called a Unified Security Hub (USH), which connects various security peripherals, including fingerprint readers, smart card readers, and NFC devices.<\/p>\n Cisco Talos researchers identified five distinct vulnerabilities<\/a> in the ControlVault3 and ControlVault3+ systems:<\/p>\n All vulnerabilities received CVSS scores above 8.0, classifying them as \u201chigh\u201d severity threats. The combination of these flaws creates particularly dangerous attack scenarios that security experts warn could have far-reaching consequences.<\/p>\n The most concerning aspect of the ReVault vulnerabilities is their potential for establishing a persistent compromise that remains undetected even after a complete Windows reinstallation.<\/p>\n According to the researchers, a non-administrative user can interact with ControlVault firmware through Windows APIs to trigger arbitrary code execution, allowing attackers to extract cryptographic keys and permanently modify the firmware.<\/p>\n \u201cThis creates the risk of a so-called implant that could stay unnoticed in a laptop\u2019s ControlVault firmware and eventually be used as a pivot back onto the system in the case of a threat actor\u2019s post-compromise strategy,\u201d the Talos team explained<\/a> in their technical disclosure.<\/p>\n The persistent nature of these attacks represents a significant escalation in firmware-based threats, as the malicious code resides below the operating system level, where traditional antivirus solutions cannot detect or remove it.<\/p>\n Beyond remote exploitation, the vulnerabilities also enable devastating physical attacks. Researchers demonstrated that an attacker with brief physical access to a laptop can open the chassis and directly access the USH board via USB using a custom connector.<\/p>\n\nReVault Attack \u2013<\/strong> Five Critical Vulnerabilities<\/strong>
\n<\/h2>\n\n
![\"Attack](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJx43sbJSgFbm_rMiHNyGI6N6IVsAUK1l_1-2vGh3vh3l87tWAihsH733DNpxnLO2RdG4Wu5Wty1F6A6CIP5aCy0f1gpIs0URc-m9ZnBPaOPNKImCkcgjtKU8qC3O5wQsttbvjRvY4-xDEIcIA-ZWzq3IBGfVHWYLugIrigc5rhl20mkZEuP8FejXA5Fme\/w640-h411\/Attack%2520Scenario.webp?ssl=1\")