A new vulnerability in how Razer computer mice implement themselves into a PC system has the potential to become an entry point for hackers.
The news broke after a Twitter hacker identifying themselves as “jonhat” (@j0nh4t) uploaded a video exploiting the software. We won’t link it here for security reasons, but essentially jonhat abused the way the company’s mouse handles downloading its appropriate drivers from the internet. The mouse automatically downloads its files as the “SYSTEM” account—or, simply, an account with unlimited access. Jonhat hijacked this process to give themselves administrative privileges.
.@Razer Invitational – LATAM is back and bigger than ever, with eight nations ready to battle and prove they are the best in the world! Join us for a showdown like no other!
Register NOW!https://t.co/gmAfpfvd33 pic.twitter.com/tl4M21tEq2— Team RΛZΞR (@TeamRazer) August 23, 2021
The video was originally uploaded on Saturday, Aug. 21, upon which jonhat reached out to Razer to alert them to the exploit. Razer did not issue a response to jonhat until the following day on Aug. 22—just over 24 hours later. According to jonhat, Razer explained that their “security team is working on a fix ASAP.”
The company offered a bounty for finding the issue as well.
At the time of writing, however, a fix still has not been issued. Although, a few replies to jonhat’s video did point out that the problem wasn’t just with Razer’s software. Other similar applications that take advantage of the automatic download prompt are also in danger. Razer may not be the only one who needs to give the process a facelift.
Most say the easiest fix is to simply remove the automatic download and instead redirect users to a site where they need to manually install the drivers. Whether Razer goes this route, however, remains to be seen.
PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.
