The five critical vulnerabilities were named “ReVault” by Talos, and are found in Broadcom’s ControlVault3 firmware, as well as associated Windows application programming interfaces (APIs) on a range of Dell business laptops.
On June 13, Dell disclosed these vulnerabilities impacting Dell Pro, Latitude, and Precision laptop models.
ControlVault3 is a hardware-based security module found in many Dell laptops, including Latitude, Precision, and XPS models. It provides a secure environment for storing and processing sensitive data such as user passwords, biometric information, security codes, and encryption keys.
Ironically enough, USH – which is used for heightened login security by users in sensitive industries – has turned out to be a weak link in the defence chain, potentially allowing for undetectable malicious implants on laptops.
Talos researcher Philippe Laulheret found that attackers who gained initial system access can exploit the vulnerabilities to establish persistent and permanent access on the devices.
In one scenario, compromised ControlVault firmware could leak cryptographic keys for device security.
If an attacker can extract the keys, this can allow for firmware modification, creating the possibility of permanent access that survives a complete clean operating system reinstallation, Talos noted.
Physical access to laptops left, for example, in hotel rooms by visitors adds to the risk.
Attackers can open up laptop chassis and connect directly to the USH with universal serial bus (USB) custom connectors.
Doing so bypasses physical security completely, rendering full-disk encryption passwords vulnerable along with system credentials.
Tampering with the firmware can also be used by attackers to make fingerprint sensors accept any print, rather than ones belonging to legitimately enrolled users.
Over 100 actively supported Dell laptop models, mainly from the business-oriented Latitude and Precision ranges, are vulnerable to the ReVault flaw.
Talos advised administrators to prioritise firmware updates to reduce exposure to ReVault.
The vulnerabilities affect firmware that manages ControlVault3, one of the most recent versions of a technology that Dell uses to securely store sensitive data such as passwords, encryption keys and fingerprint scans on certain Dell Latitude and Precision business laptop models. They also impact associated Windows application programming interfaces (APIs).
