Razer's laptops confirmed to be affected by critical vulnerability
It might be pure coincidence, but it looks like more and more devices assembled on Chinese territories tend to come with some sort of vulnerability. Apart from Huawei’s handheld and laptop devices that are suspected to come with backdoors or exploits planted by the Chinese intelligence, one may remember Apple’s MacBook security flaws from early 2018, or the reports of HMD’s Nokia devices that were secretly sending user information to remote Chinese servers. According to a late March report, Razer’s laptops have also been found to be plagued with security vulnerabilities, and the company already stated that it is aware of these problems.
The security breaches in Razer’s laptops were first reported on seclists.org by Bailey Fox, who described the vulnerability as allowing “for attackers to safeguard rootkits with Intel Boot Guard, downgrade the BIOS to exploit older vulnerabilities such as Meltdown, and many other things." Fox also points out that this flaw seems to be identical to the CVE-2018-251 backdoor found on Apple’s MacBooks in early 2018. Back then, the Apple devices were discovered to have the Manufacturing Mode still enabled. This issue was not disclosed until June 2018 and Apple stated that it fixed the vulnerability in the High Sierra 10.13.4 version of its macOS released in March 2018.
The Razer case is a bit different. Fox disclosed the issue on March 21 and Razer only released firmware fixes on April 6, leaving all its laptop models vulnerable to attacks for a bit over 2 weeks. Tom’s Hardware reports that Razer managed to release firmware updates for all its models launched from 2016 onward. However, all previous models are still affected and "a software tool is being developed and will be available within a few weeks." Furthermore, Razer released a list with the affected models and all customers are kindly advised to reach out to Razer through its support page on the official website.