Recently, a white hat hacker discovered an odd exploit which allows you to give yourself full admin rights on a Windows 10 PC just by plugging in a Razer mouse and installing Razer Synapse. It turns out it’s not just Razer products that can do this, though.
Twitter user @zux0x3a discovered a similar exploit with SteelSeries headsets, mice, and keyboards. Like with the Razer products, the problem lies with the hardware’s proprietary software that gives itself system-wide privileges without asking for the system administrator’s permission. Theoretically, someone could go to your workplace PC when you’re not around and plug in the dongle for a wireless Razer or SteelSeries mouse, install Synapse or SteelSeriesGG, and gain full system privileges, which could wreak havoc on a corporate network if they mean to do harm.
it is not only about @Razer.. it is possible for all.. just another priv_escalation with @SteelSeries https://t.co/S2sIa1Lvjv pic.twitter.com/E3NPQnxqo2August 23, 2021
Initially, the fault was thought to be with Razer or SteelSeries. But as Tom’s Guide points out, this is more of a Windows issue: It can’t distinguish between hardware drivers (things that usually don’t need admin permissions) and peripheral software (which do).
For the moment, the recommendation if you want your PC to be locally secure (this only works if someone has physical access) is to make sure your screen is locked while you’re away, and to find the Windows Device Instillations Settings prompt (search for it from the Start menu) where you can tell Windows not to automatically download hardware manufacturer apps and custom icons. (With that setting turned off, you may run into minor issues the next time you plug in a new device.)
A spokesperson for SteelSeries gave the following statement to our friends over at Tom’s Guide:
“We are aware of the issue identified and have proactively disabled the launch of the SteelSeries installer that is triggered when a new SteelSeries device is plugged in. This immediately removes the opportunity for an exploit, and we are working on a software update that will address the issue permanently and be released soon.”