submitted 1 week ago by Zerush@lemmy.ml to c/security@lemmy.ml

Security researchers at Cisco Talos discovered critical vulnerabilities in Dell's ControlVault3 hardware security module that affect over 100 Dell laptop models[^1]. Called "ReVault," these five vulnerabilities allow attackers to compromise the system in two main ways:

  1. Post-compromise persistence: A non-administrative user can exploit the Windows APIs to execute arbitrary code on the ControlVault firmware, steal security keys, and modify the firmware to maintain access even after Windows reinstallation[^1].

  2. Physical attack: An attacker with physical access can directly connect to the Unified Security Hub board via USB, bypass login credentials and disk encryption, and even trick the fingerprint reader into accepting any fingerprint[^1].

The affected ControlVault3 and ControlVault3+ modules are primarily found in Dell Latitude and Precision business laptops used in cybersecurity, government, and other security-sensitive environments[^1].

Key mitigations include:

  • Installing the latest firmware updates
  • Disabling unused security peripherals
  • Enabling chassis intrusion detection
  • Using Windows Enhanced Sign-in Security (ESS)
  • Monitoring for suspicious crashes in Windows Biometric Service[^1]

[^1]: Cisco Talos - ReVault! When your SoC turns against you…
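One way to act on the last mitigation, monitoring for crashes in Windows Biometric Service, is a scheduled check of the event logs. This is an added example, not code from the post or from Cisco Talos. It assumes the service short name `WbioSrvc`, Service Control Manager events 7031/7034 in the System log, and Application Error event 1000 in the Application log; the seven-day window and the threshold of two are arbitrary starting values.

```powershell
# Added example: list unexpected terminations of the Windows Biometric Service.
# Assumed values (not from the post): lookback window and alert threshold.
param(
    [int]$Days = 7,
    [int]$Threshold = 2
)

$since = (Get-Date).AddDays(-$Days)

# SCM events record the service display name, which is localized, so read it
# from the service itself and fall back to the English name.
$displayName = (Get-Service -Name WbioSrvc -ErrorAction SilentlyContinue).DisplayName
if (-not $displayName) { $displayName = 'Windows Biometric Service' }

# System log: 7031 / 7034 = "service terminated unexpectedly".
# The first event property is the service display name.
$scm = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'
        Id = 7031, 7034; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -eq $displayName })

# Application log: 1000 = application crash. Assumption: the faulting process
# is the service's svchost instance and the event text names WbioSrvc.
$app = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Application Error'
        Id = 1000; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'WbioSrvc' })

$hits = @($scm + $app | Sort-Object TimeCreated)

# Show time, source log, event id and the first line of each message.
$hits |
    Select-Object TimeCreated, LogName, Id,
        @{ n = 'Summary'; e = { ($_.Message -split '\r?\n')[0] } } |
    Format-Table -AutoSize -Wrap

if ($hits.Count -ge $Threshold) {
    Write-Warning ("{0} Windows Biometric Service crash events in the last {1} days on {2}; check ControlVault firmware version and review the host." -f $hits.Count, $Days, $env:COMPUTERNAME)
}
```

A single crash can be benign, so treat repeated hits on one machine, or the same pattern across a fleet, as the signal worth triaging.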

this post was submitted on 06 Aug 2025