Dell laptops with Broadcom chips have five security flaws that could let attackers take over tens of millions of devices. The flaws are in Broadcom BCM5820X chips used in over 100 Dell laptop models, mostly in the Latitude and Precision series. The chips are part of ControlVault3, which stores sensitive data like passwords and fingerprints.
Cisco Talos researchers found the flaws and told Dell. Dell released updates in June to fix the issues. An attacker could use the flaws to steal data and put a backdoor in the laptop’s firmware.
They could do this remotely if they get non-admin access.
Latitude and Precision chip update
Or they could open the laptop and plug into the chip if they have physical access, even without logging in.
The flaws affect laptops used a lot in cybersecurity and government. Dell said to update right away. The researchers said it shows the need to look at security in hardware parts that handle sensitive data, not just software.
Dell said they fixed it fast and told customers. Broadcom did not comment. The researchers will share more details at the Black Hat security conference.