The previously unreported analysis, validated by Dell in a June security advisory, affected more than 100 models of Dell laptops, according to the company, and targeted a chip in the computer that stores passwords, biometric data and security codes, and installs fingerprint, smartcard and near-field communications drivers and firmware.
There is no indication that the vulnerabilities have been exploited in the wild, according to the researchers, and Dell issued patches for the devices in March, April and May, with an overall security advisory published 13 June.
The vulnerabilities are specific to the Broadcom BCM5820X chip used by Dell in its ControlVault security firmware and software. The flaw affects laptop models common in the cybersecurity industry and government settings, according to Philippe Laulheret, the senior vulnerability researcher at Cisco Talos who discovered and led the analysis.
"Sensitive industries that require heightened security when logging in via smartcard or NFC are more likely to find ControlVault devices in their environment," Laulheret wrote in a blog published on Tuesday ahead of a presentation of the analysis at the Black Hat security conference in Las Vegas scheduled for 6 August.