Razer is currently working on addressing a bug found in its software, allowing users to seamlessly access any Windows 10 device by plugging in a keyboard or mouse made by the gaming peripheral company.
As spotted first by BleepingComputer, a security researcher who goes by the username @j0nh4t on Twitter discovered the exploit that is available on peripherals made by Razer. The user reached out to Razer to disclose the issue. When the company did not respond, @j0nh4t decided to flag the issue on Twitter, sharing a video and instructions on the security issue.
"We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process," a Razer representative told IGN in an email. "We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly. The use of our software (including the installation application) does not provide unauthorized third-party access to the machine."
When plugging in a Razer keyboard or mouse (wired or wireless) into the computer, it automatically downloads and installs Synapse, Razer's gaming software that allows you to control and customize some features on some of its products as RGB lighting effects or setting up hot-keys.
When the software installs on the device, the Windows' setup wizard asks you where to save the app's folder on the device, which can allow you to open a PowerShell window which then offers system privileges, and launching the PowerShell window allows you to turn yourself into an admin on the device.
Obtaining administrative rights on a Windows device is a major security issue. Anyone with the admin privilege can do a number of things, such as changing the security settings on your computer or accessing any files stored on the device.
Taylor is the Associate Tech Editor at IGN. You can follow her on Twitter @TayNixster.
Continue reading...
As spotted first by BleepingComputer, a security researcher who goes by the username @j0nh4t on Twitter discovered the exploit that is available on peripherals made by Razer. The user reached out to Razer to disclose the issue. When the company did not respond, @j0nh4t decided to flag the issue on Twitter, sharing a video and instructions on the security issue.
"We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process," a Razer representative told IGN in an email. "We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly. The use of our software (including the installation application) does not provide unauthorized third-party access to the machine."
When plugging in a Razer keyboard or mouse (wired or wireless) into the computer, it automatically downloads and installs Synapse, Razer's gaming software that allows you to control and customize some features on some of its products as RGB lighting effects or setting up hot-keys.
When the software installs on the device, the Windows' setup wizard asks you where to save the app's folder on the device, which can allow you to open a PowerShell window which then offers system privileges, and launching the PowerShell window allows you to turn yourself into an admin on the device.
Obtaining administrative rights on a Windows device is a major security issue. Anyone with the admin privilege can do a number of things, such as changing the security settings on your computer or accessing any files stored on the device.
Taylor is the Associate Tech Editor at IGN. You can follow her on Twitter @TayNixster.
Continue reading...