ReVault Firmware Flaws in Over 100 Dell Laptops Publicly Disclosed, Patches Now Available

Security researchers urge enterprises to install available patches to prevent firmware implants that persist after OS reinstalls

Overview

  • Cisco Talos revealed five critical ReVault vulnerabilities in the Broadcom BCM5820X ControlVault3 module during an August 5–6 public disclosure ahead of its Black Hat presentation
  • The flaws allow attackers to implant persistent backdoors in firmware, bypass Windows login and escalate to Admin/System privileges even after reinstalling the operating system
  • Physical attacks can succeed when a local adversary connects directly to the Unified Security Hub board over USB and manipulates fingerprint authentication to accept any input
  • Dell issued firmware updates for affected models between March and May, distributing them via Windows Update and its support site, and there is no evidence of in-the-wild exploitation
  • Cisco Talos recommends disabling unused ControlVault services and biometric logins and enabling Windows Enhanced Sign-in Security alongside BIOS chassis intrusion alerts for layered defense