Security expert Jon Hat discovered an unusual vulnerability in Razer mice and posted information about it over the weekend, complaining that the company did not respond to his alert.
The problem was that connecting a Razer mouse or its adapter triggered Windows Update, which launched the RazerInstaller executable with a high level of access, in fact, with administrator rights.
Simply put, the first time the mouse was connected to a computer, Windows Update downloaded and launched the driver and software with the rights needed to install them. A similar approach is implemented in SteelSeries mice.
Need local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz
— jonhat (@j0nh4t) August 21, 2021
RazerInstaller also gives the user access to Windows Explorer and PowerShell with "elevated" privileges. This essentially means that someone with physical access to the computer can easily install malicious software. The situation is aggravated by the fact that an attacker does not even need a real Razer mouse, since the USB ID can be easily forged.
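For defenders, the behaviour described above leaves a recognisable trace in process-creation telemetry: an interactive shell running as SYSTEM that descends from the installer. The following Python is an added example, not code from the original article or from Razer; the event field names, all sample records, and the `RazerInstaller.exe` file name are assumptions made for illustration.

```python
# Added example: event fields and every record below are constructed.
from ntpath import basename  # parses Windows paths on any OS

INSTALLERS = {"razerinstaller.exe"}  # assumed file name of RazerInstaller
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM = "nt authority\\system"

def ev(pid, ppid, image, user):
    return {"pid": pid, "ppid": ppid, "image": image, "user": user}

S, U = r"NT AUTHORITY\SYSTEM", r"LAB\alice"  # constructed accounts
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [  # constructed process-creation records
    ev(700, 4, r"C:\Windows\System32\svchost.exe", S),
    ev(4120, 700, r"C:\constructed\RazerInstaller.exe", S),
    ev(5288, 4120, PS, S),                       # shell directly under installer
    ev(5350, 4120, r"C:\constructed\helper.exe", S),
    ev(5400, 5350, r"C:\Windows\System32\cmd.exe", S),  # shell via intermediate
    ev(3300, 3000, r"C:\Windows\explorer.exe", U),
    ev(6010, 3300, PS, U),                       # ordinary user shell
    ev(6100, 9999, r"C:\Windows\System32\cmd.exe", S),  # parent never logged
]

def name(event):
    return basename(event["image"]).lower()

def installer_ancestor(event, by_pid):
    """Walk up the parent chain; return the SYSTEM installer process, if any."""
    seen = set()  # guards against loops caused by PID reuse in the log
    parent = by_pid.get(event["ppid"])
    while parent is not None and parent["pid"] not in seen:
        seen.add(parent["pid"])
        if name(parent) in INSTALLERS and parent["user"].lower() == SYSTEM:
            return parent
        parent = by_pid.get(parent["ppid"])
    return None

def find_elevated_shells(events):
    """Return (shell pid, shell name, installer pid) for each suspicious shell."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if name(e) in SHELLS and e["user"].lower() == SYSTEM:
            anc = installer_ancestor(e, by_pid)
            if anc is not None:
                alerts.append((e["pid"], name(e), anc["pid"]))
    return alerts

if __name__ == "__main__":
    for alert in find_elevated_shells(EVENTS):
        print("SYSTEM shell %d (%s) descends from installer pid %d" % alert)
```

The ancestor walk matters because the shell is not always a direct child of the installer, and a SYSTEM shell with no installer in its lineage is left for other rules to judge.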
Since this vulnerability requires direct physical access to the computer, it is not as dangerous as those requiring remote access, but it is still a worrying find. After the post on Twitter, Razer reacted and got in touch with Hat. Razer said the security team is already working on a fix.