ReVault: When Your “Security Chip” Needs a Security Chip of Its Own

Security researchers (Cisco Talos) disclosed “ReVault”—a set of five flaws in Dell ControlVault3 (a Broadcom-based security chip and its Windows APIs) used in 100+ laptop models. Chained together, the bugs could let attackers bypass Windows login, extract keys and persist in firmware even after an OS reinstall. Dell has issued patches; users should update, or disable ControlVault features (e.g., fingerprint, smart card, NFC) if not required. Physical-access attacks are also possible via the USH board, so hardening and tamper alerts are advised. The research was presented at Black Hat USA.

If you own a recent Dell laptop, your built-in security vault may need… extra security. Researchers have revealed ReVault, a cluster of firmware and API bugs in ControlVault3—the little co-processor that stores biometrics, passwords and crypto keys. In short: the lock had a few loose screws.

What’s the risk?
By chaining the flaws, an attacker could skip Windows sign-in, lift cryptographic secrets, and even hide in firmware so the menace survives a full OS reinstall. That’s not garden-variety malware; that’s couch-surfing in your motherboard. Over 100 Dell models with Broadcom BCM5820X chips are affected. There’s no evidence of in-the-wild exploitation so far, but it’s serious enough to merit immediate patching.

How would they do it?
ControlVault3 talks to Windows via specialised APIs. Researchers showed that a mix of memory-safety bugs (out-of-bounds, deserialisation, buffer overflow) can be combined for privilege escalation, login bypass and stealthy persistence. With physical access, a determined attacker could even poke the Unified Security Hub (USH) board directly. Lovely.

What should you do now?
• Patch from Dell straight away.
• If you don’t use them, disable ControlVault-dependent features (fingerprint, smart card, NFC).
• Consider enabling chassis-intrusion alerts and Windows Enhanced Sign-in Security where supported. Then make a cuppa and breathe.
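The three steps above are only useful if you know which machines in a fleet actually carry the ControlVault hardware and still have the dependent features switched on. The script below is an added example, not code from the original post, Dell or Cisco Talos: it inventories a Windows laptop for the co-processor, records the signed-driver version so it can be compared against Dell's advisory, and checks whether fingerprint sign-in is already policy-disabled. The device-name substrings ('ControlVault', 'Broadcom USH') are assumptions about what Device Manager typically shows for this hardware, and the `ActionNeeded` flag is a hypothetical triage heuristic; adjust both to your estate.

```powershell
# Added example (not from the original post or from Dell/Cisco Talos):
# inventory a Windows laptop for Dell ControlVault hardware so an admin can
# decide whether it needs the ReVault patches or feature hardening.
# Assumptions: the device-name fragments below are what Device Manager
# typically shows for this co-processor; the Biometrics policy key is the
# standard Windows "Allow the use of biometrics" setting.

function Get-ControlVaultStatus {
    [CmdletBinding()]
    param(
        # Assumed name fragments that identify the ControlVault / USH hardware
        [string[]]$NamePatterns = @('ControlVault', 'Broadcom USH')
    )

    # 1. Find present PnP devices whose friendly name matches a pattern.
    $devices = Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.FriendlyName
            $NamePatterns | Where-Object { $name -like "*$_*" }
        }

    # 2. Pull the signed-driver version for each match. Win32_PnPSignedDriver
    #    is the documented WMI class; its DeviceID equals the PnP InstanceId.
    #    Compare DriverVersion against the version Dell's advisory lists.
    $drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver -ErrorAction SilentlyContinue
    $report = foreach ($d in $devices) {
        $drv = $drivers | Where-Object { $_.DeviceID -eq $d.InstanceId } | Select-Object -First 1
        [pscustomobject]@{
            Device        = $d.FriendlyName
            InstanceId    = $d.InstanceId
            Status        = $d.Status
            DriverVersion = if ($drv) { $drv.DriverVersion } else { 'unknown' }
            DriverDate    = if ($drv) { $drv.DriverDate } else { $null }
        }
    }

    # 3. Check whether Windows biometrics (fingerprint sign-in) are disabled
    #    by policy: HKLM\SOFTWARE\Policies\Microsoft\Biometrics, Enabled = 0
    #    is the "Allow the use of biometrics" = Disabled setting.
    $bioKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics'
    $bioEnabled = $true
    if (Test-Path $bioKey) {
        $v = (Get-ItemProperty -Path $bioKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
        if ($v -eq 0) { $bioEnabled = $false }
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        ControlVaultPresent = [bool]$devices
        Devices             = $report
        BiometricsEnabled   = $bioEnabled
        # Hypothetical triage rule: hardware present AND biometrics still on
        # means the machine most needs the Dell update or the feature turned off.
        ActionNeeded        = ([bool]$devices) -and $bioEnabled
    }
}

# Usage: run as a local administrator on one machine, or wrap the function in
# Invoke-Command -ComputerName ... to collect the same report across a fleet.
$status = Get-ControlVaultStatus
$status | Format-List
$status.Devices | Format-Table -AutoSize
```

A driver version on its own does not prove the ControlVault firmware has been updated, since Dell ships the fix as a firmware-plus-driver package; treat the report as a scoping tool that tells you which machines to push the Dell update to and which still expose fingerprint, smart card or NFC sign-in that nobody uses.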

Bottom line: ReVault is a reminder that “secure” silicon still needs software hygiene. Keep firmware updated and only enable features you actually need.