
PSA: Razer Synapse zero-day grants admin rights to anyone plugging in a Razer mouse

By Ken Wong - on 24 Aug 2021, 11:29am


The flaw could allow someone to take over your PC. Image courtesy of Razer.

According to online reports, security researcher jonhat said on Twitter that he has discovered a zero-day flaw in the installation of Razer's Synapse configuration software that gives potential hackers admin privileges on a Windows-based device.

In a tweet that included a video, jonhat said:

Need local admin and have physical access?

Plug a Razer mouse (or the dongle)

Windows Update will download and execute RazerInstaller as SYSTEM

Abuse elevated Explorer to open Powershell with Shift+Right click

Tried contacting @Razer, but no answers. So here's a freebie

What happens is that when a Razer mouse is connected to a Windows laptop, Windows fetches a Razer installer containing the driver software and the Razer Synapse utility. It then opens up an explorer window asking for the installation destination.

The problem is that this is done with admin privileges. If a user opts to change the default installation location, a 'Choose a folder' dialog is shown, and the user can hold the Shift key and right-click in that window to open a PowerShell terminal with those same admin privileges.


Image courtesy of jonhat

With these privileges, anyone can get full control over the system: they can view, change or delete data, create new accounts with full user rights, and install anything malicious they want.

Overall, executing it wouldn't be easy, as an attacker would need actual physical access to a laptop and time to plug in a peripheral, download the software and run things from there. However, it is the ease of attack that makes it scary, at least until a patch is released.

When we reached out to Razer, they said that they were aware of the situation and are currently making changes to the installation application to limit this use case and will release an updated version shortly. They also encourage any further discoveries to be submitted through their bug bounty service, Inspectiv.
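For defenders, the behaviour described above leaves a recognisable trace in process-creation logs: a command shell running as SYSTEM inside a logged-on user's desktop session. The following is an added example, not code from the article, Razer or the researcher. It uses Sysmon process-creation field names, every sample event (including the path C:\EXAMPLE\RazerInstaller.exe) is constructed, and it assumes the installer's dialog runs in the user's session rather than session 0.

```python
import ntpath

# Interactive shells that can be reached from an elevated file dialog.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

def is_system_shell_on_desktop(event):
    """True if a shell runs as SYSTEM inside a logged-on user's session.

    Session 0 hosts services, where SYSTEM shells can be legitimate
    (scheduled tasks, management agents). A SYSTEM shell in session >= 1
    means a SYSTEM process with visible UI spawned it (assumption: this is
    how the installer case appears in the logs).
    """
    image = ntpath.basename(event["Image"]).lower()
    return (
        image in SHELLS
        and event["User"].upper() == SYSTEM_USER
        and int(event["TerminalSessionId"]) >= 1
    )

def find_alerts(events):
    """Return (child, parent) basenames for each suspicious event."""
    return [
        (ntpath.basename(e["Image"]), ntpath.basename(e["ParentImage"]))
        for e in events
        if is_system_shell_on_desktop(e)
    ]

# Constructed sample events (illustrative values, not captured logs).
SAMPLE_EVENTS = [
    # Normal user opening PowerShell from Explorer.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"DESKTOP-EXAMPLE\alice", "TerminalSessionId": "1"},
    # Service-side SYSTEM script in session 0.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": "0"},
    # SYSTEM installer with a folder dialog spawning PowerShell on the desktop.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\EXAMPLE\RazerInstaller.exe",
     "User": r"NT AUTHORITY\SYSTEM", "TerminalSessionId": "1"},
]

if __name__ == "__main__":
    for child, parent in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT: {child} as SYSTEM in a user session, parent={parent}")
```

Remote-administration tools that deliberately start SYSTEM shells on the desktop will also match, so review the reported parent process before escalating.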

