Now plugging in a keyboard can let you hijack Windows 10 admin rights

A bug in the official app that helps install SteelSeries devices on Windows 10 can be exploited to obtain administrator privileges, cybersecurity experts have found.

The exploit was discovered by offensive security researcher Lawrence Amer, who was prompted by a zero-day vulnerability that another security researcher had found in the plug-and-play installation mechanism of Razer mice, which likewise allowed privilege elevation.

Wondering whether the same could be achieved with other devices, Amer found that the plug-and-play installation mechanism of SteelSeries devices was also exploitable.

“Since the process wrapper of this software is running with SYSTEM privileges, the attacker could abuse the installation path to launch a prompt command with the same permission,” explains Amer as he details the exploit.

Wide repercussions

Detailing the process, Amer notes that he tried a couple of approaches before discovering that he could obtain elevated privileges during the SteelSeries keyboard setup, via a link on the License Agreement screen that is opened with SYSTEM privileges.
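As an added, defender-side example (not code from the article or from any of the researchers it names): a small Python rule that flags, over constructed Sysmon-style process-creation records, the pattern described above, namely a browser or command shell running as SYSTEM underneath a device-setup wrapper. The installer image names, the account string and the sample records are assumptions.

```python
import re

# Constructed sample records in the shape of Sysmon Event ID 1 (process creation).
# The installer path is an assumed placeholder, not a path from the advisory.
SAMPLE_EVENTS = [
    {"User": r"NT AUTHORITY\SYSTEM", "ParentImage": r"C:\Windows\Temp\SteelSeriesSetup.exe",
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe"},   # licence link opened as SYSTEM
    {"User": r"NT AUTHORITY\SYSTEM", "ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},                        # shell from that browser
    {"User": r"DESKTOP\alice", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},                        # ordinary user shell
    {"User": r"NT AUTHORITY\SYSTEM", "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe"},                    # normal SYSTEM service
]

INTERACTIVE_SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
# Assumption: device-setup wrappers are recognised by name; adjust to your software inventory.
INSTALLER_PATTERN = re.compile(r"(steelseries|razer|setup|install)", re.IGNORECASE)
SYSTEM_ACCOUNT = r"NT AUTHORITY\SYSTEM"


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return a reason string if the record matches the SYSTEM-installer abuse pattern, else None."""
    if event["User"].upper() != SYSTEM_ACCOUNT:
        return None
    child, parent = basename(event["Image"]), basename(event["ParentImage"])
    # SYSTEM has no business driving a user-facing browser at all.
    if child in BROWSERS:
        return f"browser {child} running as SYSTEM (spawned by {parent})"
    # A SYSTEM shell is only suspicious here when it hangs off a browser or a setup wrapper.
    if child in INTERACTIVE_SHELLS and (parent in BROWSERS or INSTALLER_PATTERN.search(parent)):
        return f"shell {child} spawned as SYSTEM by {parent}"
    return None


def find_suspicious(events):
    """Indexes and reasons for every record that trips the rule."""
    return [(i, reason) for i, e in enumerate(events) if (reason := classify(e))]


if __name__ == "__main__":
    for index, reason in find_suspicious(SAMPLE_EVENTS):
        print(f"event {index}: {reason}")
```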

More worryingly, BleepingComputer reports that threat actors can replicate this behaviour even without a real SteelSeries device, thanks to a script written by penetration testing researcher István Tóth that mimics human interface devices (HIDs) on Android phones.

Designed specifically for testing local privilege escalation attacks, the script can successfully emulate both Razer and SteelSeries devices.

After Amer published his research, Tóth posted a video on Twitter showing that the exploit could be replicated on devices virtualized by his script.

For its part, SteelSeries told BleepingComputer that it was aware of the research and that, as a result, it has disabled the automatic launch of the installer when a device is plugged in.

“This immediately removes the opportunity for an exploit and we are working on a software update that will address the issue permanently and be released soon,” said the SteelSeries spokesperson.

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
