ReVault! Compromised by your Secure SoC
Philippe Laulheret
Hexacon 2025 · Day 2 · Main Stage
In this Hexacon presentation, Philippe Laulheret, a Senior Vulnerability Researcher at Cisco Talos, unveiled a series of critical vulnerabilities affecting Dell's **ControlVault 3** and **ControlVault 3 Plus** secure system-on-chip (SoC) solutions. Laulheret's research, part of his work at Cisco Talos focusing on Windows embedded systems, demonstrates how a seemingly "secure" hardware component designed to protect sensitive data and manage security peripherals can be fully compromised, leading to permanent firmware modification, login bypasses, and even system-level privileges on the host operating system.
AI review
Solid, well-executed embedded security research that takes a widely-deployed 'secure' hardware component and systematically dismantles every layer of its supposed security posture. Laulheret clearly did the hard work — reverse engineering undocumented firmware, building heap primitives from scratch, chaining them to a stack overflow, leaking OTP keys, and ultimately landing a SYSTEM shell on the host via a firmware-backdoor-assisted deserialization confusion. The fingerprint bypass with a plastic finger and a piece of green onion is the kind of demo that makes audiences uncomfortable in…