Windows 10 Security Defeated By Plugging In Razer Peripherals

B. Simmons August 23, 2021 in Tech Tagged computer peripherals, gaming peripherals, microsoft, Razer, Security, security issue, Windows 10 - 2 Minutes

As long as you have physical access, ~$20 bypasses all that security.

Thanks to a bug in Razer’s device installer, Windows 10’s security measures are easily defeated by simply plugging in any Razer peripheral. This means for about $20 (around the price of a Razer Deathadder v2 gaming mouse), you can get past any measures a user set up, provided you have physical access to their PC.

The bug was noticed by white hat hacker jonhat (@j0nh4t) over on Twitter. Notably, his post also includes a video of it in action.

Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click

Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz
— ҉j҉o҉n҉h҉a҉t҉ (@j0nh4t) August 21, 2021

To put this in layman’s terms, since plugging in a Razer device requires the install process, and that process requires the opening of an explorer window, and that window has admin access because it needs to ask you where to install the drivers, all it takes is a new Razer device without drivers to bypass security (assuming I have all of this down right). BleepingComputer confirms this works, as well.

Coincidentally, a response in jonhat’s thread confirms that simply spoofing the vendor id will work, so that $20 price tag isn’t necessarily necessary. Another responder confirmed that it works with ROG devices for similar reasons regarding the installer.

READ: Samsung's Got some Star Wars Themed Robot Vacuums

For their part, Razer has made an statement (via ComputerBase):

We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process.

We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly. The use of our software (including the installation application) does not provide unauthorized third-party access to the machine.

We are committed to ensuring the digital safety and security of all our systems and services, and should you come across any potential lapses, we encourage you to report them through our bug bounty service, Inspectiv: https://app.inspectiv.com/#/sign-up.

But should you be worried about it? Probably not. Basic precautions, like not leaving your laptop unattended in public places, or not letting randos use your PC, will cover most of the issue. After all, the bug requires physical access to exploit it.

Microsoft has yet to comment on the issue. Which is intriguing, as presumably this could work in Windows 11, though no one has tried it yet.

Source: PC Gamer

About Author

B. Simmons

Based out of Glendale California, Bryan is a GAMbIT’s resident gaming contributor. Specializing in PC and portable gaming, you can find Bryan on his 3DS playing Monster Hunter or at one of the various conventions throughout the state.

See author's posts

B. Simmons

Based out of Glendale California, Bryan is a GAMbIT's resident gaming contributor. Specializing in PC and portable gaming, you can find Bryan on his 3DS playing Monster Hunter or at one of the various conventions throughout the state.

Learn More →