Fingerprint BYPASS with just a pencil (real world hack)

Big thanks to ThreatLocker for sponsoring my trip to Black Hat 2025. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal

David Bombal sits down with Philippe Laulheret of Cisco Talos at Black Hat to unpack new vulnerabilities in Dell’s ControlVault security board (the module behind fingerprint/smart-card/NFC on many Latitude/Precision laptops). Laulheret chains two bugs to get code execution, leaks device-unique AES/HMAC keys, and modifies firmware for persistence. He then backdoors a function so requesting object “1337” delivers a payload that abuses the Windows Biometric Framework (Broadcom DLL) to spawn a SYSTEM reverse shell. Demos: onion/plastic-finger unlock and a physical USB ribbon-cable attack path.

// Phillippe Laulheret’s SOCIALS //
LinkedIn: / philippe-laulheret-094a5315
Talos Blog: https://blog.talosintelligence.com/author/philippe/
X: https://x.com/TalosSecurity

// David’s Social //

================
Coect with me:
================
Discord: http://discord.davidbombal.com
X: https://www.x.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Chael https://www.youtube.com/davidbombal
YouTube Tech Chael: https://www.youtube.com/chael/UCZTIRrENWr_rjVoA7BcUE_A
YouTube Clips Chael: https://www.youtube.com/chael/UCbY5wGxQgIiAeMdNkW5wM6Q
YouTube Shorts Chael: https://www.youtube.com/chael/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ

================
Support me:
================
Or, buy my CCNA course and support me:
DavidBombal.com: CCNA ($10): http://bit.ly/yt999ccna
Udemy CCNA Course: https://bit.ly/ccnafor10dollars
GNS3 CCNA Course: CCNA ($10): https://bit.ly/gns3ccna10

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// Menu //
0:00 – Coming up
0:59 – ThreatLocker Shout Out
01:12 – Intro
02:10 – Paid to Hack Ethically

02:25 – The Finger and The Onion Story

03:25 – The ReVault Presentation
04:49 – Demo 1
06:19 – Attack Scenarios Physical Access vs Remote

10:48 – Reverse Shell Demo
11:51 – Demo 2
13:43 – The Bugs Attributes
15:32 – How Long Did It take to figure out ?
17:21 – I really Broke it now
17:45 – Demo 3
19:55 – Physical Attack Demo

20:55 – Conclusion & Outro

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#threatlocker #blackhat #cisco

subscribe
  • David Bombal

Search

Categories

Recent Posts

Why Hackers Don’t Hack the Cloud, They Log In
Agents: The NEXT Big Attack Surface
Why People Buy the WRONG Laptops for Hacking
We Let AI Fix a Real Network. Here’s What Happened.
Windows 11: Kill Telemetry, Widgets & Bloat
Will Your Encryption Be Worthless in 3 Years?
Free CCNA Course: Dynamic NAT Pool (Live Lab)
Set Up Windows WITHOUT a Microsoft Account (2025)
Becoming a Ghost Online: 3 Privacy Levels
Are FAKE CAPTCHAs hacking you?