A serious vulnerability has been identified in certain Dell business laptops, potentially exposing users to significant security risks. The flaws, discovered by cybersecurity experts, allow attackers to circumvent password protection, obtain administrative privileges, and maintain persistent control even after a system reinstall. The vulnerability, known as ReVault, targets the ControlVault3 and ControlVault3+ firmware.
ControlVault acts as a hardware security module, providing secure storage for sensitive data such as passwords, fingerprint information, and security codes. This module is implemented in Dell’s Latitude, Precision, and Rugged series laptops, which are common in governmental and corporate settings.
**Which Dell Models Are Affected?**
More than 100 Dell laptop models are susceptible to this vulnerability. Key models include:
**Latitude Series:** 5440, 5500, 5520, 5530, 5540, 5550, 7030 Rugged Extreme, 7200 2-in-1, 7330, 7400, 7430, 7450, 7520, 7640, 9330, 9410, 9440 2-in-1, 9450, 9510 2-in-1, 9520, Rugged 7220EX, and others.
**Precision Series:** 3470, 3550, 3560, 3570, 3580, 3590, 5470, 5490, 7540, 7560, 7670, etc. If you own a Dell laptop from the business series, immediate update checks are essential.
**Attack Methodology:**
A standard user can introduce malicious code into ControlVault by employing the Windows API. This code can remain operational even after the operating system is reinstalled. If an attacker gains physical access, they can directly plug into the USH board to bypass authentication. The fingerprint sensor can also be manipulated to accept any fingerprint.
**Mitigation Strategies:**
**Immediate Firmware Update:**
* ControlVault3: Update to version 5.15.10.14 or later.
* ControlVault3+: Update to version 6.2.26.36 or later.
* Obtain and install updates via Windows Update or the Dell support website.
**Disable Unused Security Features:**
If you do not utilize fingerprint scanning, smart cards, or NFC, disable these features via the Windows Service Manager or Device Manager.
**Avoid Biometric Authentication in Vulnerable Environments:**
Refrain from using fingerprint login during travel and utilize robust passwords or PINs with Windows Enhanced Sign-In Security (ESS).
**Activate Chassis Intrusion Detection:**
* Enable this feature in the BIOS settings to promptly detect any potential tampering.
* If biometric or credential services exhibit repeated crashes, execute an immediate security scan.