Razer Laptops Shipped With Massive Firmware Vulnerabilities

Razer got its start making gaming-oriented peripherals like keyboards and mice, but it expanded into laptops a few years ago. The company’s Blade laptops still have that gamer aesthetic paired with powerful hardware. However, they also have a nasty security vulnerability that could let hackers implant malware on your system.

The vulnerability, known as CVE-2018-4251, is similar to one previously detected and patched in Apple laptops. It relates to Intel Manufacturing Mode, a part of the motherboard firmware on Intel-based systems. Apple spotted the screwup on its own and fixed it before anyone could take advantage, but the vulnerability has just been reported publicly after the discoverer was unable to get through to Razer. See below for an example of Razer just not understanding.

Manufacturing Mode is an undocumented configuration and testing suite that’s never supposed to be included on shipping firmware. It allows manufacturers to configure important platform settings like boot verification and write the settings to one-time programmable memory modules (FUSEs). The system parameters are initially stored in temporary memory for testing purposes and are then burned to FUSEs when closing Manufacturing Mode. If Manufacturing Mode is still active on a system, it could allow an attacker to create their own malicious system configuration options and lock them into the machine.

Hey! Thanks for mentioning us. Our Systems Team would like to check on this. Could you please tell us more about the challenges with your Razer laptop via DM and we'll take it there.

— RΛZΞR Support (@RazerSupport) March 21, 2019

This vulnerability does not on its own allow hackers to take over a computer, but it offers a mighty tempting target if they manage to get in. They could change system settings to hide malware from detection, essentially telling the computer that the malware the hacker just installed is supposed to be there. Someone could even leverage the Intel Meltdown vulnerability to wreak havoc by downgrading to older BIOS versions that don’t protect against the CPU-level vulnerabilities.
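To check whether a Linux machine still reports Manufacturing Mode, the sketch below reads the Intel ME host interface's PCI configuration space and tests the Manufacturing Mode flag. It is an added example, not code from this article, Razer or Intel. It assumes the commonly documented layout: the ME interface at PCI address 00:16.0, with status register HFSTS1 at offset 0x40 and the flag in bit 4. The sample register values are constructed.

```python
import struct
from pathlib import Path

# Assumed layout (not stated in the article): HFSTS1 at config offset 0x40,
# Manufacturing Mode flag in bit 4, ME host interface (HECI) at PCI 00:16.0.
HFSTS1_OFFSET = 0x40
MFG_MODE_BIT = 1 << 4
INTEL_VENDOR_ID = 0x8086
HECI_CONFIG = Path("/sys/bus/pci/devices/0000:00:16.0/config")

def manufacturing_mode(config: bytes):
    """Return True/False for the Manufacturing Mode flag, None if unreadable."""
    if len(config) < HFSTS1_OFFSET + 4:
        return None  # truncated read: non-root users only get the first 64 bytes
    (vendor,) = struct.unpack_from("<H", config, 0)
    (hfsts1,) = struct.unpack_from("<I", config, HFSTS1_OFFSET)
    if vendor != INTEL_VENDOR_ID or hfsts1 == 0xFFFFFFFF:
        return None  # device absent, hidden or disabled: all-ones reads
    return bool(hfsts1 & MFG_MODE_BIT)

def check_host(path: Path = HECI_CONFIG):
    """Read the live config space; None if the device node is missing."""
    try:
        return manufacturing_mode(path.read_bytes())
    except OSError:
        return None

def sample_config(hfsts1: int) -> bytes:
    """Build a constructed 256-byte config space holding the given HFSTS1."""
    cfg = bytearray(256)
    struct.pack_into("<H", cfg, 0, INTEL_VENDOR_ID)
    struct.pack_into("<I", cfg, HFSTS1_OFFSET, hfsts1)
    return bytes(cfg)

if __name__ == "__main__":
    labels = {True: "ENABLED (firmware left open)", False: "disabled",
              None: "unknown (run as root, or device hidden)"}
    # Constructed register values: bit 4 set, then bit 4 clear.
    for value in (0x1E000255, 0x1E000245):
        state = manufacturing_mode(sample_config(value))
        print(f"sample HFSTS1={value:#010x}: {labels[state]}")
    print("this host:", labels[check_host()])
```

A result of "unknown" is not a pass: it means the register could not be read, not that the mode is closed.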