Some of Razer’s gaming laptops are currently impacted by a vulnerability that could leave the devices open to attacks. As reported by The Register, a security vulnerability in the Intel processors on Razer laptops was first discovered by a security expert in late March — and could mean that hackers might be able to implant malware and cause harm to affected systems.
A similar vulnerability to the one impacting Razer laptops — code-named CVE-2018-4251 — had previously been discovered in Apple laptops. In that case, Apple failed to disable what is known as Intel Manufacturing Mode on the system motherboard before sending systems off to consumers. Patches, however, were eventually released in late October to address the issue.
A similar problem also now applies to Razer laptops as, unlike Apple, the company apparently failed to initially spot or patch the vulnerability. It means that hackers who already hold administrative privileges could have the potential to modify the firmware on Razer gaming systems to infect with malware as they see fit. Hackers also could also change the firmware versions on the machines to hide malicious viruses, or even initiate the impacts from Meltdown vulnerability found in Intel’s chipsets. In both cases, any attacks from hackers would also be hard to spot by antivirus software — or even remove it.
“Razer has been alerted to certain Intel Management Engine vulnerabilities in the Intel chipsets of several Razer laptop models. To address this issue, Razer laptops will ship from the factory with an update to remove these vulnerabilities,” Razer said in a statement.
According to Razer, products impacted by this vulnerability include the Base model of the 2018 Razer Blade 15, and also the 2018 and 2019 Razer Blade Advanced. Another model impacted is the 2018 Razer Blade Stealth 13. A software tool is being provided to apply an update to patch the issue with the Intel Management Engine, and it is being recommended for concerned users to approach Razer support for any assistance.
Razer is not alone when it comes to security vulnerabilities. Previously in 2016, a security researcher identified a Unified Extensible Firmware Interface (UEFI) bug in Lenovo’s ThinkPad System Management Mode (SMM) that would allow an attacker to bypass Windows’ security protocols.
Updated on April 3, 2019: Added a statement from Razer, link to the software tool, and more information on impacted models
- A security flaw leaves Ring doorbells and cameras vulnerable to spying
- Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs
- Intel’s chips are still vulnerable, and the new Ice Lake won’t patch everything
- Internet-connected Mr. Coffee machines have security vulnerability, McAfee says
- Tesla Model 3 vulnerability exposed at Pwn2Own; hackers take home the car