SteelSeries Peripherals Can Bypass Windows Security, Too


This web-site might receive affiliate commissions from the one-way links on this web page. Terms of use.

Windows end users all-around the world have been on the lookout warily at their Razer peripherals earlier this 7 days. Which is when a protection researcher mentioned the devices could be utilised to gain administrator privileges on Windows, and it turns out Razer is not alone. The similar vulnerability exists in the SteelSeries ecosystem. Basically plugging in a person of these equipment grants the potential to set up computer software without having logging in as an admin. SteelSeries claims it is set the concern, but this is starting to really feel like it’s additional Microsoft’s fault than any one else. 

To recap, this ongoing snafu is thanks to the way Windows supports 3rd-occasion gadgets. When you plug in a peripheral that Home windows acknowledges, it will obtain the necessary program from the maker. In the case of Razer, it downloads Synapse, and for SteelSeries, it’ll grab the Engine suite. 

In accordance to @zux0x3a on Twitter, the installation dialog for Motor makes the exact same mistake as Razer. The user can use the prompts to entry other applications like the browser and command prompt. Due to the fact they originate from a Windows technique ingredient, they retain process privileges. Hence, you can install any malicious matter you want devoid of realizing the admin password. 

it is not only about @Razer.. it is achievable for all.. just an additional priv_escalation with @SteelSeries

— Lawrence 勞倫斯 (@zux0x3a) August 23, 2021

SteelSeries says it has fixed the issue by disabling the computerized application installation. The company is operating on a everlasting take care of, but in the meantime, users will have to set up their peripheral’s computer software manually. That does not feel like a large inconvenience, however. This must provide as a reminder that any gadget that calls for a bulky software program suite to control is a prospective safety difficulty. 

SteelSeries undoubtedly really should have detected this vulnerability, and the same goes for Razer, but Microsoft is not blameless. The way Home windows proactively installs these computer software offers is starting off to glimpse like the authentic problem. Perhaps it’s not a great concept to develop the OS in this sort of a way that a USB unit can set off an simply hijacked installation dialog. Luckily, you can mitigate this issue with a quick journey to the options. The toggle you are hunting for is buried in the Home windows 10 Control Panel, but you can just research for “Change gadget installation options.” Convert it off, and peripherals won’t be able to result in computer software installations. The disadvantage is that you will have to go hunt down the correct software program and install it oneself.

Now study:

This website may perhaps make affiliate commissions from the hyperlinks on this webpage. Conditions of use.

Leave a comment

Your email address will not be published.