A white-hat hacker found a bug in Razer’s device installer software that can give users full admin privileges in Windows 10 just by plugging in a select Razer mouse or keyboard.
The hack works together with the Synapse software that comes when you install select Razer PC peripherals.
Twitter user @j0nh4t detailed the security flaw after he informed Razer of the issue and did not initially receive a response.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
The tweet came with a video showing how incredibly easy it is to utilize this simple hack to gain admin privilege on a Windows 10 machine.
Here is how it works: if you plug in a Razer product, even just the dongle if it’s a wireless one, Windows automatically fetches a Razer installer that contains a driver and the Synapse software. Part of the setup process automatically launches a Windows Explorer window that asks the user where they want the driver to be installed.
This setup process runs as SYSTEM, the highest privilege level on the machine.
That seems normal. The problem, @j0nh4t discovered, is that when the user decides to change the default location, a “Choose a folder” window comes up where a user can right-click the installation window then press Shift to open a PowerShell terminal that has the same admin privileges.
From there, any user can pretty much do anything they want on the machine.
Other experts have corroborated this discovery by doing their own testing.
This means that anyone with physical access to a Windows 10 machine can pretty much hack it just by buying a Razer product. And considering Razer is one of the most popular names in the gaming industry, getting your hands on one is very easy.
Razer has already acknowledged the issue and promised that they’re working on a fix.
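Until a fix ships, defenders can watch for the symptom described above: a command shell running as SYSTEM inside a user's desktop session, launched from an installer. The following is an added example, not code from the article, @j0nh4t or Razer; it generalizes to any installer rather than only RazerInstaller. It assumes process-creation events shaped like Sysmon Event ID 1, and the sample events, the installer path and the "installer" name match are constructed for illustration.

```python
# Added example (not from the article): field names follow Sysmon Event ID 1;
# SAMPLE_EVENTS, including the installer path, is constructed data.
from pathlib import PureWindowsPath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

def image_name(path):
    return PureWindowsPath(path).name.lower()

def find_system_shells(events, installer_hint="installer"):
    """Return (shell_event, installer_ancestor_image) pairs worth triage."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e["Image"]) not in SHELLS:
            continue
        # Session 0 hosts services, where SYSTEM shells are routine; a SYSTEM
        # shell in an interactive user session is the anomaly to flag.
        if e["User"] != SYSTEM_USER or e["TerminalSessionId"] == 0:
            continue
        # Walk up the parent chain looking for an installer-like ancestor.
        seen, cur = set(), by_guid.get(e["ParentProcessGuid"])
        while cur and cur["ProcessGuid"] not in seen:
            seen.add(cur["ProcessGuid"])
            if installer_hint in image_name(cur["Image"]):
                hits.append((e, cur["Image"]))
                break
            cur = by_guid.get(cur["ParentProcessGuid"])
    return hits

SAMPLE_EVENTS = [  # constructed
    {"ProcessGuid": "A1", "ParentProcessGuid": "00", "TerminalSessionId": 1,
     "User": SYSTEM_USER, "Image": r"C:\Windows\Installer\RazerInstaller.exe"},
    {"ProcessGuid": "A2", "ParentProcessGuid": "A1", "TerminalSessionId": 1,
     "User": SYSTEM_USER,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ProcessGuid": "B1", "ParentProcessGuid": "00", "TerminalSessionId": 0,
     "User": SYSTEM_USER, "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessGuid": "C1", "ParentProcessGuid": "00", "TerminalSessionId": 1,
     "User": "DESKTOP\\alice", "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for shell, ancestor in find_system_shells(SAMPLE_EVENTS):
        print(f"ALERT {shell['Image']} as SYSTEM in session "
              f"{shell['TerminalSessionId']}, ancestor {ancestor}")
```

Only the PowerShell process spawned under the installer is flagged; the SYSTEM shell in session 0 and the ordinary user's shell are ignored.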