Some Windows exploits require computing expertise, dedication to craft, and a ton of free time. But everyone who went to hacker bootcamp should have focused on gaming instead, because it turns out that all you need to gain local admin access on a Windows 10 PC is a Razer mouse or keyboard.
As reported by BleepingComputer, a security researcher named jonhat discovered that plugging a Razer peripheral (or wireless dongle) into a computer triggers the Razer Synapse software installer under SYSTEM privileges. If you manually select a destination for the software, you can then Shift and Right-click to open a PowerShell window. This PowerShell window will have SYSTEM privileges because it’s running with the Synapse installer.
SYSTEM privileges are just as scary as they sound. They’re the highest level of privileges on a Windows device and open the door to all possible exploits. Unfortunately, Razer did not respond to jonhat’s bug submission, so he made the hack public on Twitter.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
Of course, this exploit only works when you have in-person access to a Windows 10 PC. And even then, you need to get past the lock screen first. That could limit the uses for this exploit to computers at businesses, libraries, schools, and other facilities (for better or worse).
Razer has since addressed the issue and claims to have limited the bug’s usability. A future update will solve the problem, though this entire issue raises one big question—do other peripherals create similar vulnerabilities? Razer isn’t the only company that sells USB devices with automatic installers, after all.