Razer’s installation software for wired and wireless mice has a serious security flaw that provides an unusually high level of system access, potentially allowing malicious attackers to install harmful software on a user’s computer.
Well-known security researcher Jon Hat shared the vulnerability on Twitter over the weekend.
After plugging in a Razer mouse or dongle, he discovered that Windows Update would download the Razer installer executable and run it with System privileges.
In addition, the installer lets the user open Windows File Explorer and PowerShell with elevated privileges.
This level of access could allow someone with physical access to the computer to install harmful software.
Although an attack cannot be carried out remotely, it is strange that the driver installation for a peripheral would require this level of access.
Hat contacted Razer, and the company later told him that it was working on a fix.
The video below shows how plugging in a Razer mouse or wireless dongle gives the Razer installation software System-level access.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
Razer provided a statement to tech news site Engadget in which it confirmed it was aware of the issue.
“We were made aware of a situation in which our software, in a very specific use-case, provides a user with broader access to their machine during the installation process,” Razer stated.
The company did not divulge further details on the scenarios under which the software would behave in this way.
It said it is currently making changes to the installation application to limit the particular use-case and would release an updated version shortly.
The company said the use of its software — including the installation application — did not provide unauthorized third-party access to the machine.
“We are committed to ensuring the digital safety and security of all our systems and services, and should you come across any potential lapses, we encourage you to report them through our bug bounty service, Inspectiv,” it added.