Windows is not for everyone. You can access the computer without administrator access. However, you aren't permitted to install or execute commands on the machine and you are generally restricted from full control. You can now grant yourself SYSTEM privileges to any Windows 10 computer by simply plugging in a Razer keyboard and mouse. This seems... terrible.
Advertisement
Windows is a great platform for different user rights. This protects your system against people who might abuse these privileges in any way. Administrator SYSTEMprivileges gives you complete control over Windows. It can be dangerous to grant that power to anyone.
Although the idea of having complete control over your computer by plugging in the right mouse sounds more absurd than a TV hacker's, it is true. Windows will automatically download Razer Synapse when you plug in these Razer peripherals. This software controls settings for your keyboard and mouse. The Razer software is granted SYSTEM privileges because it launches from a Windows process that has SYSTEM privileges.
However, this is not the place where vulnerability lies. After you have installed the software, Windows setup wizard will ask you where you want to save it. You will see a Choose a Folder prompt when you select a new folder location. You can press Shift and right click on it to open an Open PowerShell Window.
The PowerShell window now has SYSTEM privileges because it was launched from a process that had SYSTEM privileges. This effectively makes you an administrator on the machine and allows you to execute any command in the PowerShell windows.
User jonhat first reported the vulnerability on Twitter. He tried to contact Razer about it, but to no avail. Razer finally followed up and confirmed that a patch was in development. Razer is selling tools that allow you to hack millions of computers until the patch is made available.
Advertisement
How to protect your computer against Razers vulnerability
Although waiting for Razer to fix the bug is the best solution, we don't know how long it will take. You can protect your computer against the intrusions of Razer peripheral-wie lding hackers, by disabling your USB ports.
This can be done in many ways, some more complicated than others. However, Device Manager is the best place to start. Right-click on this PC and click Manage. Next, click Device Manager. Finally, click the arrow beside Universal Serial Bus controllers. This will list all USB controllers on your computer. These items can be disabled by right-clicking on them.
Advertisement
These instructions will guide you through the process of re-enabling your USB ports. You can also choose Enable to continue.