Privilege Escalation Issue Lets Razer and SteelSeries Products Hijack Windows 10

Fact-checked

Gaming accessories by Razer and SteelSeries could let attackers take over Windows 10 PCs, Tom’s Guide explains.

On August 25, just a day after people found out about Razer’s system bug that could enable someone to hack into another person’s computer through its gaming mice, security researcher Lawrence Amer discovered a similar flaw in SteelSeries’ products. This shows that the flaw is actually in the Windows desktop app. Ill-meant users can take over Windows 10 and presumably Windows 11 PCs through gaming mice, headsets, and even mousepads. 

But how does it work? When you plug one of the above-mentioned tools into a Windows PC for the first time, the PC in use will automatically download the desktop software without asking for any administrator approval whatsoever. While the installation is still in process, a user could change the settings, acquiring full system control, and install malicious programs that could get access to vulnerable data. 

How to Prevent It

There are some things users can do to secure their computers from computer hijacking.

Office PCs are in more danger than home PCs because there is little privacy in the workplace – everyone can come up to your desk while you’re away. That’s why it’s important to lock your screen when leaving your desk. 

To make absolutely sure that this scenario never happens with your computer, as additional security, log in as an administrator, go to System > Settings > About. Choose Advanced System Settings. A box labeled “System Properties” will show up. Then, choose the Hardware tab and click “Device Installation Settings”. A pop-up window will open, asking “Do you want to automatically download manufacturers’ apps and custom icons available for your devices?”. Choose the option “No (your device might not work as expected)”.

From hacking phones to hijacking computers, hacking statistics show that cybercrime can take many forms. In this case, both companies assure that this was an honest mistake. The companies were just trying to make their software as quick to install as possible. A spokesperson from SteelSeries even contacted Tom’s Guide, saying: “We are aware of the issue identified and have proactively disabled the launch of the SteelSeries installer that is triggered when a new SteelSeries device is plugged in. This immediately removes the opportunity for an exploit and we are working on a software update that will address the issue permanently and be released soon.”

ABOUT AUTHOR

Reading and writing have always been my way to get a hold of the world, especially when it comes to news. When I'm not writing, reading books, traveling, and going on long walks with my dog are the things I do to recharge my batteries.

Latest from Dimitra

Leave a Reply

Your email address will not be published. Required fields are marked *