It's not just Razer: SteelSeries peripherals can bypass Windows 10 security protocols as well

When you think of cybersecurity breaches, the first thing that comes to mind is probably a bunch of hooded figures delving through walls of code in a dark basement, or something like what The Napster does in 2003's The Italian Job.

The point is, never in a million years would you think that plugging in your gaming mouse or a pair of headphones could actually compromise your computer's security, and to be fair, up till a few days ago, neither did a lot of other people.

Case in point, it was recently discovered that plugging in a Razer peripheral like a gaming mouse and installing the associated Razer Synapse application onto a system running Windows 10 software can apparently provide the user with full system privileges, even if they aren't usually allocated those rights.

But while it might seem relatively harmless to casual users like us, it can be potentially catastrophic for corporate systems - imagine if someone with malicious intentions used it to gain access to private user data.

With such possibilities in mind, it goes without saying that many users have been looking into the extent of this exploit.

At the time, it was believed that the root cause of the problem was due to how Razer Synapse was coded, but a Twitter user called Lawrence (@zux0x3a) has since shared that SteelSeries peripherals are also capable of triggering this exploit via the SteelSeries GG desktop app.

[embed]https://twitter.com/zux0x3a/status/1429841541036527616[/embed]

Other sources, like Tom's Guide (thanks!) have also weighed in with more information surrounding this peculiar exploit.

Apparently, what they've dug up is that the problem doesn't originate from the code within Razer Synapse, SteelSeries GG or any similar applications.

Rather, the issue lies in Windows 10's inability to differentiate these desktop applications from hardware drivers, the latter of which usually doesn't require admin privileges to install.

[[nid:541815]]

As such, when a user wants to install Razer Synapse, the system treats the program like it would a hardware driver, inadvertently granting the user full administrative rights.

Currently, the only way that users can "protect" their computers from pesky intruders is to ensure that their device is securely locked behind a sturdy password when not in use, or preventing the system from automatically downloading hardware drivers.

There's a box you can un-check within the Windows Device Installation Settings that allows you to do so, and although it does make some of the legitimate software updates a lot more troublesome, at least you won't have to worry about anyone poking around where they shouldn't be.

This article was first published in Hardware Zone.