A recent “hack” involving a Razer mouse shows what can happen if a new piece of hardware automatically downloads the required utility software: It can allow an attacker to take over a PC.
Late last week, security researcher “j0nh4t” showed that the RazerInstaller utility could be used to elevate privileges on a PC, giving an attacker total control. Essentially, all a user would need to do is attach a Razer mouse, wait for Razer’s utility software to download, and then run PowerShell. Using the technique that jonh4t described in his tweet, a guest account on a PC could obtain administrator status and control the PC.
To be fair, anytime an attacker has physical control of a PC, you’re at risk—that means the hacker is either seated at your desk or has stolen your laptop. The researcher also reported that Razer is busy working on a patch.
It’s not clear, however, whether Razer will address the fundamental issue: Yes, it’s convenient for Razer to automatically push its utility to your PC. On the other hand, when that happens, you never quite know what your PC will receive. (Protect yourself by using PCWorld’s recommended antivirus programs.) Asking the user to download Razer’s utility, rather than doing it for them, might be a step toward solving that problem.
Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
