Windows 10 security has been thwarted again, this time by SteelSeries devices
Recently, a hacker discovered a strange exploit that allows you to give yourself full administrator rights on a Windows 10 PC by simply plugging in a Razer mouse and installing Razer Synapse. Turns out, it’s not just Razer products that can do this.
Twitter user @ zux0x3a discovered a similar feat with SteelSeries headsets, mice and keyboards. As with Razer products, the problem is with proprietary software in the hardware giving itself system-wide privileges without asking permission from the system administrator. Theoretically, someone could go to your work PC when you’re not around and plug in the dongle for a Razer or SteelSeries wireless mouse, install Synapse or SteelSeriesGG and gain full system privileges, which could wreak havoc. on a corporate network if they mean it. To hurt.
it’s not just @Razer .. it’s possible for everyone .. just another private escalation with @SteelSeries https://t.co/S2sIa1Lvjv pic.twitter.com/E3NPQnxqo223 Aug 2021
Initially, it was believed that the fault was with Razer or SteelSeries. But as Tom’s Guide points out that this is more of a Windows issue: it can’t distinguish between hardware drivers (which usually don’t need administrator permissions) and peripheral software (which does).
Right now, the recommendation if you want your PC to be locally secure (this only works if someone has physical access) is to make sure your screen is locked while you’re away, and find the Settings prompt. Windows device instillations (search for this in the Start menu) where you can tell Windows not to automatically download hardware manufacturer apps and custom icons. (With this setting off, you may experience minor issues the next time you plug in a new device.)
A SteelSeries spokesperson made the following statement to our friends at Tom’s Guide:
“We are aware of the identified issue and have proactively disabled the launch of the SteelSeries installer that is triggered when a new SteelSeries device is plugged in. This immediately removes the opportunity for an exploit, and we are working on an upgrade. software update which will fix the problem permanently and be released soon. “