By AJ Vicens
(Reuters) -A flaw in the chips used to secure tens of millions of Dell laptops could have given attackers the ability to steal sensitive data as well as maintain access even after a fresh operating system install, researchers with Cisco Talos said Tuesday.
The previously unreported analysis, validated by Dell in a June security advisory, affected more than 100 models of Dell laptops, according to the company, and targeted a chip in the computer that stores passwords, biometric data and security codes, and installs fingerprint, smartcard and near-field communications drivers and firmware.
There is no indication that the vulnerabilities have been exploited in the wild, according to the researchers, and Dell issued patches for the devices in March, April and May, with an overall security advisory published June 13.
The vulnerabilities are specific to the Broadcom BCM5820X chip used by Dell in its ControlVault security firmware and software. The flaw affects laptop models common in the cybersecurity industry and government settings, according to Philippe Laulheret, the senior vulnerability researcher at Cisco Talos who discovered and led the analysis.
“Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment,” Laulheret wrote in a blog published Tuesday ahead of a presentation of the analysis at the Black Hat security conference in Las Vegas scheduled for August 6.
The findings highlight the need for more security research focused on computer hardware tasked with handling biometrics and other sensitive data, said Nick Biasini, head of outreach at Cisco Talos.
“These concepts of secure enclaves and using biometrics and these various other types of technologies are getting more and more widespread,” Biasini said. “It’s becoming commonplace on devices but it also introduces a new attack surface.”
A spokesperson for Dell said in a statement that the company addressed the issues “quickly and transparently,” and directed customers to the June 13 advisory. “As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure,” the spokesperson said.
Broadcom declined to comment.
(Reporting by AJ Vicens in DetroitEditing by Nick Zieminski)
