Dell Laptops Vulnerable to Critical ControlVault Flaw

Dell Pro Plus laptop

Cisco Talos discovers a critical security flaw in the Dell ControlVault security system. More than a hundred models are vulnerable, primarily Latitude and Precision laptops.

More than a hundred different Dell laptop models are at risk due to a serious security flaw in ControlVault. Researchers from Cisco Talos discovered several critical vulnerabilities in the security system. Dell has since rolled out a firmware update that owners of the brand’s laptops should install as soon as possible.

Dell uses ControlVault to store sensitive information such as passwords and biometric login data. The five vulnerabilities discovered by Cisco are in the underlying Broadcom chip. Attackers could exploit the vulnerabilities to tamper with the firmware. No cases of exploitation are known.

Latitude and Precision

The ControlVault system is built into many Dell laptops for the business market. Dell’s list of vulnerable models includes more than a hundred different laptops. These mainly come from the Latitude and Precision series, but some newer Pro Plus and Pro Max models are also susceptible.


Because the vulnerability affects Dell’s business models, Cisco rates the risk as high. These laptops are often used in sectors where security matters, such as government or the cybersecurity industry, and in such environments they are frequently unlocked with a smart card or NFC authentication handled by ControlVault.

The flaw allows changes to be made to the ControlVault firmware without logging in. An attacker who gains access to the system can modify the firmware so that the breach remains invisible, even after a Windows reinstallation. Additionally, attackers with physical access can make changes via a USB connector or manipulate the firmware to accept any fingerprint, provided that feature is enabled.

Not just software

Fortunately, the flaw was already known to Dell, and a patch was developed with Broadcom and rolled out in June, the laptop maker confirmed to The Register. Those with automatic Windows updates enabled will likely have applied the patch already. If not, Dell and Cisco advise not to wait any longer. Until the patch is installed, it is wise not to use a fingerprint reader, smart card, or NFC reader with the device.

Dell users can take additional measures. Windows offers Enhanced Sign-in Security options to detect unsafe firmware versions. Furthermore, some Dell laptops allow chassis intrusion detection to be enabled via the BIOS. Unexplained crashes of Windows Biometric Services can also indicate a compromise. Installing the patch is the only definitive solution.
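The checks above can be scripted so that an administrator can run them across a fleet rather than inspecting each laptop by hand. The following PowerShell script is an added example written for this article; it is not code from Dell, Broadcom, or Cisco Talos. It assumes that the ControlVault device reports "ControlVault" in its device name, that the Dell driver package version is a usable proxy for the installed firmware, and that the patched version is taken from Dell’s advisory for the specific model (the article does not state it, so a placeholder is used). Unexpected terminations of the Windows Biometric Service (service name WbioSrvc) are read from the System event log, where the Service Control Manager records them as event 7034 (or 7031 when a recovery action ran).

```powershell
# Added example (not from the article, Dell, Broadcom or Cisco Talos).
# Run in an elevated PowerShell session on the Dell laptop being checked.

# PLACEHOLDER: the article gives no patched version number. Take it from
# Dell's advisory for your model before relying on the Patched flag.
$PatchedDriverVersion = [version]'0.0.0.0'

# Assumption: the ControlVault device name contains "ControlVault" and the
# Dell driver package version tracks the firmware update described above.
function Get-ControlVaultDriverStatus {
    $drivers = Get-CimInstance Win32_PnPSignedDriver |
        Where-Object { $_.DeviceName -like '*ControlVault*' }

    if (-not $drivers) {
        # No ControlVault device: this model is probably not in scope.
        return @([pscustomobject]@{ Device = $null; Version = $null; Patched = $null })
    }

    foreach ($d in $drivers) {
        $v = [version]$d.DriverVersion
        [pscustomobject]@{
            Device  = $d.DeviceName
            Version = $v
            Patched = ($v -ge $PatchedDriverVersion)
        }
    }
}

# The article names unexplained crashes of the Windows Biometric Service as a
# possible sign of compromise. The Service Control Manager logs an unexpected
# service termination as event 7034, or 7031 when it also ran a recovery action.
function Get-BiometricServiceCrashes {
    param([int]$Days = 30)

    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031, 7034
        StartTime    = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Windows Biometric Service' } |
    Select-Object TimeCreated, Id, Message
}

$status = Get-ControlVaultDriverStatus
$status | Format-Table -AutoSize

foreach ($s in $status) {
    if ($s.Device -and -not $s.Patched) {
        Write-Warning "$($s.Device) reports driver $($s.Version), older than the advisory version; apply the Dell update."
    }
}

$crashes = Get-BiometricServiceCrashes -Days 30
if ($crashes) {
    Write-Warning "$(@($crashes).Count) unexpected Windows Biometric Service termination(s) in the last 30 days; investigate before trusting biometric or smart-card logon on this machine."
    $crashes | Format-Table -AutoSize
}
```

A crash entry on its own is not proof of tampering, and an up-to-date driver version does not prove the firmware on the chip is intact; the script only surfaces the two indicators the article mentions so that affected machines can be prioritised for the update and, where the BIOS supports it, for enabling chassis intrusion detection.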

According to Cisco researcher Philippe Laulheret, this example illustrates that security is not just a software issue. Hardware must also be continuously monitored for vulnerabilities.