Source: Cisco Talos Blog
Author: Philippe Laulheret
URL: https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you/
ONE SENTENCE SUMMARY:
Talos revealed multiple vulnerabilities in Dell’s ControlVault3 firmware, posing significant security risks across over 100 laptop models.
MAIN POINTS:
- Reported vulnerabilities in ControlVault3 firmware and Windows APIs termed “ReVault.”
- Vulnerabilities affect over 100 Dell laptop models, primarily in Latitude and Precision series.
- ReVault attack enables persistence even after Windows reinstalls.
- Physical compromise grants attackers admin privileges without login credentials.
- Vulnerabilities include out-of-bounds, arbitrary free, stack-overflow, and unsafe deserialization issues.
- Attack scenarios include post-compromise pivot and physical tampering.
- Significant risk of leaking key security material and unnoticed firmware implants.
- Attackers can exploit vulnerabilities by accessing the USH board.
- Recommended mitigation involves keeping systems updated and disabling unused security peripherals.
- Detection includes enabling chassis intrusion via BIOS and monitoring Windows logs for anomalies.
TAKEAWAYS:
- Regularly update firmware and software to mitigate vulnerabilities.
- Disable unused security features like fingerprint login to reduce risk.
- Enabling chassis intrusion detection can help identify physical tampering.
- Monitoring Windows logs can detect signs of potential compromise.
- Proactive risk assessments are vital for maintaining secure hardware and software environments.