Connect with us


The latest and greatest Windows 10 hacking tool? A Razer mouse

Razer is currently working on a fix for this local vulnerability.

Razer viper gaming mouse
Image: KnowTechie

Over the weekend, it was revealed by a security researcher on Twitter that Razer PC peripherals like mice and keyboards could be used to gain administrative access to Windows 10.

Essentially, it works by plugging in a mouse or keyboard. Then, Windows will download and execute RazerInstaller as SYSTEM. From there, it is a matter of simply using Explorer and Shift+Right Click to open up PowerShell. This would give users access to command prompts, and from there, as they say, the rest is history.

Jonhat, the person that discovered the bug has followed up on the weekend post, noting that Razer has now been in contact with them and that the company is working on a fix. Jonhat had originally contacted Razer privately, but after not receiving a response, went public with the information.

According to BleepingComputer, this is a local privilege escalation (LPE) vulnerability, which means anybody with nefarious plans would need physical access to the computer and the Razer product as well.

What happens that makes this vulnerability possible is that when you plug in the device, the setup wizard for Razer Synapse asks where you’d like it installed. It is during this step that users with bad intentions can gain access to admin privileges as outlined above.

After the post gained tons of traction on Twitter, Razer finally responded to jonhat and the company is working on a fix. They have even offered the security research a bounty for their finding, which is a bit surprising because jonhat went public with the findings.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Former KnowTechie editor.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Security