Notebookcheck

Razer investigating potential Synapse software security threat

Razer investigating potential Synapse software security threat
Razer investigating potential Synapse software security threat
We recommend that owners of any Razer laptop or keyboard change their passwords until the manufacturer can provide a proper public response to the apparent security flaw.

A user on the official Razer Reddit forum has purportedly discovered a security flaw in Razer's Synapse application that could potentially allow third-party malware programs to pull and upload the user's Synapse login credentials. While most forum posts from unverified sources are not usually newsworthy, this particular post has detailed the exact steps on how to exploit the security flaw and has even received a short official response from Razer as a result.

The Razer Synapse software is pre-installed on all Razer notebooks from the Blade Stealth all the way up to the Blade Pro and a special login is required in order to access macros, keyboard lighting settings, gameplay recording, cloud gaming data, and other features unique to the Razer family of products. This is in stark contrast to similar software programs from MSI, Aorus, Alienware, and Clevo where all hardware-specific features are available offline without needing to sign up. While it may not sound like a critical issue to lose login credentials for some esoteric application, many users are in the habit of reusing the same usernames and passwords across a wide variety of unrelated programs.

There is not yet an ETA on when or if a future security patch will resolve the issue, but owners of Razer keyboards and laptops are highly encouraged to change their passwords until further notice.

Update: Razer has swiftly come out with a longer official response earlier this morning regarding the newly discovered exploit:

"Razer likes to thank Reddit user /u/johnduhart for sending us his feedback. Our team has looked into this and would like to assure our users that their security is of utmost importance to us and that our server side encryption remains fully ensured and secure. With our upcoming improvements to Razer Synapse we will be moving away from current methods of local client storage and encryption of credentials. Concerned users may choose to update their passwords as a safety measure. All users are encouraged to practice good internet security awareness and habits such as using different passwords for different services, as well as we are encouraging all our users to ensure that their PCs are password protected to ensure that unauthorized 3rd parties do not have access."

In other words, the manufacturer will be changing the way it stores and encrypts login information to circumvent the security hole entirely. There is still no word on when we can expect the fix to come, but it's good to know that the flaw is now on their radar and being worked on. In the meantime, changing your Synapse password would be best course of action.

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2017 07 > Razer investigating potential Synapse software security threat
Allen Ngo, 2017-07- 3 (Update: 2017-07- 3)
Allen Ngo
Allen Ngo - US Editor in Chief
After graduating with a B.S. in environmental hydrodynamics from the University of California, I studied reactor physics to become licensed by the U.S. NRC to operate nuclear reactors. There's a striking level of appreciation you gain for everyday consumer electronics after working with modern nuclear reactivity systems astonishingly powered by computers from the 80s. When I'm not managing day-to-day activities and US review articles on Notebookcheck, you can catch me following the eSports scene and the latest gaming news.