Notebookcheck Logo

Razer's laptops confirmed to be affected by critical vulnerability

Razer is now working on a fix for the affected models released prior to 2016. (Source: Razer)
Razer is now working on a fix for the affected models released prior to 2016. (Source: Razer)
Razer issued fixes for all the models launched from 2016 onward, but owners of the Blade and Blade Pro models released prior to 2016 will have to wait for a few more weeks to get the fixes. The vulnerability is identical to the early 2018 CVE-2018-251 backdoor that affected Apple's MacBooks, which were sold with the Manufacturing Mode still enabled.

It might be pure coincidence, but it looks like more and more devices assembled on Chinese territories tend to come with some sort of vulnerability. Apart from Huawei’s handheld and laptop devices that are suspected to come with backdoors or exploits planted by the Chinese intelligence, one may remember Apple’s MacBook security flaws from early 2018, or the reports of HMD’s Nokia devices that were secretly sending user information to remote Chinese servers. According to a late March report, Razer’s laptops have also been found to be plagued with security vulnerabilities, and the company already stated that it is aware of these problems.

The security breaches in Razer’s laptops were first reported on seclists.org by Bailey Fox, who described the vulnerability as allowing “for attackers to safeguard rootkits with Intel Boot Guard, downgrade the BIOS to exploit older vulnerabilities such as Meltdown, and many other things." Fox also points out that this flaw seems to be identical to the CVE-2018-251 backdoor found on Apple’s MacBooks in early 2018. Back then, the Apple devices were discovered to have the Manufacturing Mode still enabled. This issue was not disclosed until June 2018 and Apple stated that it fixed the vulnerability in the High Sierra 10.13.4 version of its macOS released in March 2018.

The Razer case is a bit different. Fox disclosed the issue on March 21 and Razer only released firmware fixes on April 6, leaving all its laptop models vulnerable to attacks for a bit over 2 weeks. Tom’s Hardware reports that Razer managed to release firmware updates for all its models launched from 2016 onward. However, all previous models are still affected and "a software tool is being developed and will be available within a few weeks." Furthermore, Razer released a list with the affected models and all customers are kindly advised to reach out to Razer through its support page on the official website.

Laptop families and product codes for the affected models (Source: Tom's Hardware)
Laptop families and product codes for the affected models (Source: Tom's Hardware)
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2019 04 > Razer's laptops confirmed to be affected by critical vulnerability
Bogdan Solca, 2019-04- 9 (Update: 2019-04- 9)