Dan Baker/Digital Trends
Some of Razer’s gaming laptops are currently impacted by a vulnerability that could leave the devices open to attacks. As reported by The Register, a security vulnerability in the Intel processors on Razer laptops was first discovered by a security expert in late March — and could mean that hackers might be able to implant malware and cause harm to affected systems.
A similar vulnerability to the one impacting Razer laptops — code-named CVE-2018-4251 — had previously been discovered in Apple laptops. In that case, Apple failed to disable what is known as Intel Manufacturing Mode on the system motherboard before sending systems off to consumers. Patches, however, were eventually released in late October to address the issue.
A similar problem also now applies to Razer laptops as, unlike Apple, the company apparently failed to initially spot or patch the vulnerability. It means that hackers who already hold administrative privileges could have the potential to modify the firmware on Razer gaming systems to infect with malware as they see fit. Hackers also could also change the firmware versions on the machines to hide malicious viruses, or even initiate the impacts from Meltdown vulnerability found in Intel’s chipsets. In both cases, any attacks from hackers would also be hard to spot by antivirus software — or even remove.
“Razer has a vulnerability affecting all current laptops, where the SPI Flash is set to full read/write and the Intel CPU is left in ME Manufacturing Mode. This allows for attackers to safeguard rootkits with Intel Boot Guard, downgrade the BIOS to exploit older vulnerabilities such as Meltdown, and many other things,” explains security expert Bailey Fox.
According to a report from Laptop Mag, products impacted by this vulnerability include the 2018 and 2019 Razer Blade Advanced, as well as 2019 Blade Stealth 13. New versions of these systems, however, supposedly will come shipped with a patch for the vulnerabilities. A downloadable patch is also has surfaced online for existing systems, but it is now clear if it is coming from official channels — or how consumers can install it.
Razer is not alone when it comes to security vulnerabilities. Previously in 2016, a security researcher identified a Unified Extensible Firmware Interface (UEFI) bug in Lenovo’s ThinkPad System Management Mode (SMM) that would allow an attacker to bypass Windows’ security protocols.
Editors’ Recommendations
- A security flaw leaves Ring doorbells and cameras vulnerable to spying
- Intel’s chips are still vulnerable, and the new Ice Lake won’t patch everything
- Internet-connected Mr. Coffee machines have security vulnerability, McAfee says
- Check your ports! Researchers find scary vulnerability in Thunderbolt accessories
- Fortnite Login Vulnerability