Razer’s latest laptops are vulnerable to a flaw that allows malware to withstand reboots, hard drive wipes and most other traditional methods used to get rid of them. It’s similar to the CVE-2018-4251 flaw where the attackers were able to change the firmware of Macs with manufacturing mode enabled. Luckily, this vulnerability wasn’t publicly disclosed until after a fix was released, which prevented any major damages from occurring.
In the month of March, researcher Bailey Fox said: “Razer has a vulnerability affecting all current laptops where the SPI Flash is set to full read/write and the Intel CPU is left in ME Manufacturing Mode.” He also mentioned that it allows attackers to safeguard rootkits with Intel Boot Guard and downgrade the BIOS in order to maneuver other vulnerabilities.
Razer has acknowledged this issue and will no longer sell laptops with manufacturing mode enabled. To solve the issue, they have released an update for laptops which were released in 2016 or later. As for devices earlier than that, they are working on a software tool which will be disclosed in the weeks to come.
Malware has to make its way into the system and gain administrator privileges before it can exploit this vulnerability. This shouldn’t put any device at risk of initial compromise. The following devices are confirmed to be affected by this vulnerability :