The latest and greatest Windows 10 hacking tool? A Razer mouse
Razer is currently working on a fix for this local vulnerability.
Over the weekend, it was revealed by a security researcher on Twitter that Razer PC peripherals like mice and keyboards could be used to gain administrative access to Windows 10.
Essentially, it works by plugging in a mouse or keyboard. Then, Windows will download and execute RazerInstaller as SYSTEM. From there, it is a matter of simply using Explorer and Shift+Right Click to open up PowerShell. This would give users access to command prompts, and from there, as they say, the rest is history.
Jonhat, the person that discovered the bug has followed up on the weekend post, noting that Razer has now been in contact with them and that the company is working on a fix. Jonhat had originally contacted Razer privately, but after not receiving a response, went public with the information.
According to BleepingComputer, this is a local privilege escalation (LPE) vulnerability, which means anybody with nefarious plans would need physical access to the computer and the Razer product as well.
What happens that makes this vulnerability possible is that when you plug in the device, the setup wizard for Razer Synapse asks where you’d like it installed. It is during this step that users with bad intentions can gain access to admin privileges as outlined above.
After the post gained tons of traction on Twitter, Razer finally responded to jonhat and the company is working on a fix. They have even offered the security research a bounty for their finding, which is a bit surprising because jonhat went public with the findings.
Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
- Razer’s latest set of gaming earbuds stuffs RGB lighting into your earholes
- We’re never going to get The Elder Scrolls 6 because of freaking Skyrim remasters
- Screw the remastered GTA games, where’s our Metal Gear Solid remake?
- Legendary FPS Quake comes out of nowhere with a complete remaster on all platforms