After Razer made security headlines thanks to a flaw in Synapse software that allows for elevating Windows 10 privileges, maker SteelSeries is in a very similar situation. Security researcher Lawrence Amer of Oxsp found that the installation software on the devices produced by the company also allow users to elevate permissions to gain complete control of the system.
According to Amer, it was the discovery of the problems with Razer that motivated him to research whether the same was possible with accessories from other manufacturers. In the case of SteelSeries, access to system settings is via a screen displaying the terms of service for your software, which is opened with administrator privileges.
From there, the researcher was able to open a Windows 10 command prompt, guaranteeing him the possibility of creating new users and raising the access level of the pre-existing ones. In the case of Razer, access was guaranteed thanks to the Synapse installer, which runs with administrator privileges and allows opening the operating system’s Powershell using the Shift + Click shortcut with the right mouse button.
Want to catch up on the best tech news of the day? Access and subscribe to our new youtube channel, Canaltech News. Everyday a summary of the main news from the tech world for you!
Devices are unnecessary
In both cases, it is not even necessary to have a product manufactured by the companies to be able to exploit the gaps. Researcher István Tóth has published a script capable of mimicking the behavior of human interface devices through an Android device, which can be used to emulate the connection of a real device.
it is not only about @Razer.. it is possible for all.. just another priv_escalation with @SteelSeries https://t.co/S2sIa1Lvjv pic.twitter.com/E3NPQnxqo2
— Lawrence 勞倫斯 (@zux0x3a) August 23, 2021
Although still in the experimental stage, the tool has already proven itself capable of imitating both Razer and SteelSeries devices. In the case of SteelSeries software, the problem explored is slightly different, as the installation process happens completely automatically and without user interaction — with the exception of the link to the terms of service.
Amer tested his findings in a virtual machine and used the Internet Explorer browser to save the web page opened by the program. From the obtained document, he was able to access a command prompt with advanced privileges. The researcher stated that this method can continue to be used even after installing a patch patch.
When consulted, SteelSeries said it is aware of the breach and has disabled the automatic installation of its software when a device is connected while searching for a more definitive solution to the problem. So far, it has not provided a forecast of when the update will be released.
Source: Bleeping Computer
Did you like this article?
Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.