Ever thought that something as essential as a keyboard or a similar peripheral could leave you open to attack? Yes, simply plugging a keyboard into your computer can give someone access to your Windows computer, and if that access falls into the hands of a hacker, he or she can even inject malware. Some mainstream keyboard and computer peripheral brands such as Razer, SteelSeries, Das Keyboard, and Logitech have come under the radar for having zero-day vulnerabilities and security flaws in their software.
The security researcher jonhat found that when a Razer peripheral, e.g. a mouse, is plugged into a Windows 10 computer, a user can gain complete system privileges regardless of whether they have administrator status.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
Now, if you are the owner of the PC, you shouldn’t have any issues. But if someone else, such as a hacker, gets access, malware getting onto the machine through their hands is very much a possibility.
A researcher at Bleeping Computer also confirmed a zero-day vulnerability in the Razer Synapse software that comes with Razer devices such as keyboards and gaming mice. Razer Synapse is software that enables users to map buttons, configure their hardware devices, and even set up macros. When they plugged in the Razer mouse, they were able to gain complete system privileges. What’s even more alarming is the fact that Razer Synapse has a user base of over 100 million worldwide.
Similarly, the SteelSeries Engine software, which is used to program macros and change the lighting of SteelSeries keyboards, can also be exploited by way of the Command Prompt. Using this, a user can gain complete admin ability.
Here Are Some More Details About The Security Flaw –
As reported by security researcher Lawrence Amer, once the SteelSeries keyboard is plugged in, Windows 10 starts the installation process, and a software installer subsequently pops up.
This software first downloads yet another setup file, SteelSeriesGG6.2.0Setup.exe, and places it in the C:\windows\temp folder without giving the user any chance to select the folder in which to save it. Lawrence Amer also applied some query filters using Procmon (from the Sysinternals toolkit) to check whether the application was loading any missing DLL/EXE from user folders that normal users have access to, but to no avail.
After the download finished, another process started from C:\windows\Temp\ with SYSTEM-level privileges. The researcher tried to spawn CMD by looking for a trick to choose an installation path, but unlike with the Razer Synapse zero-day vulnerability, this trick could not be carried out. He also looked into the user agreement dialog box (License agreement) and clicked on a hyperlink, which launched another process with SYSTEM-level privileges.
When the marked hyperlink was clicked, a dialog box appeared that asked to open the file using Default Host Applications or Internet Explorer; no other option was present. The researcher concluded that Internet Explorer could be used to save a web page to the computer and then, by holding the Shift key and spawning CMD, SYSTEM-level access could be gained.
SteelSeries has defended itself by saying that it is well aware of this vulnerability and that it has disabled the launch of the SteelSeries installer that is triggered whenever you plug in a new SteelSeries device. The spokesperson even said that they are working on a software update that could remove the issue permanently.
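The process chain described above (an installer running as SYSTEM out of C:\Windows\Temp, then Internet Explorer, then CMD) leaves a recognizable trail in process-creation logs. The following detection sketch is an added example, not code from the researchers or vendors mentioned here; it assumes process-creation records with field names modeled on Sysmon's process-creation event, and the sample events are constructed for illustration.

```python
import ntpath

# Interactive programs that a SYSTEM installer should never hand to a user.
SHELLS = {"cmd.exe", "powershell.exe", "iexplore.exe"}
SYSTEM = "NT AUTHORITY\\SYSTEM"
TEMP_DIR = "c:\\windows\\temp\\"  # where the page says the setup file is placed


def find_installer_breakouts(events):
    """Return (installer_image, shell_image) for every SYSTEM shell or browser
    in an interactive session that descends from a binary in C:\\Windows\\Temp."""
    by_pid = {e["ProcessId"]: e for e in events}
    hits = []
    for e in events:
        name = ntpath.basename(e["Image"]).lower()
        # Session 0 is the non-interactive services session; ignore it.
        if e["User"] != SYSTEM or e["TerminalSessionId"] == 0 or name not in SHELLS:
            continue
        # Walk up the parent chain: the shell may be a grandchild
        # (installer -> Internet Explorer -> cmd.exe).
        seen, parent = set(), by_pid.get(e["ParentProcessId"])
        while parent and parent["ProcessId"] not in seen:
            seen.add(parent["ProcessId"])
            if parent["Image"].lower().startswith(TEMP_DIR):
                hits.append((parent["Image"], e["Image"]))
                break
            parent = by_pid.get(parent["ParentProcessId"])
    return hits


def _ev(pid, ppid, user, session, image):
    return {"ProcessId": pid, "ParentProcessId": ppid, "User": user,
            "TerminalSessionId": session, "Image": image}


# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    _ev(4100, 900, SYSTEM, 1, r"C:\Windows\Temp\SteelSeriesGG6.2.0Setup.exe"),
    _ev(4200, 4100, SYSTEM, 1, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    _ev(4300, 4200, SYSTEM, 1, r"C:\Windows\System32\cmd.exe"),
    _ev(5000, 4999, r"DESKTOP\alice", 1, r"C:\Windows\System32\cmd.exe"),  # normal user shell
    _ev(6000, 600, SYSTEM, 0, r"C:\Windows\System32\cmd.exe"),  # service in session 0
]

if __name__ == "__main__":
    for installer, shell in find_installer_breakouts(SAMPLE_EVENTS):
        print(f"ALERT: {shell} running as SYSTEM, descended from {installer}")
```

The two benign events (a normal user's shell and a service shell in session 0) are ignored; only the browser and the command prompt descended from the temp-folder installer are reported.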
A Probable Protective Measure
A powerful security suite can be a great line of defense in the face of any zero-day vulnerability, regardless of where it comes from. Systweak Antivirus is one of the best Antivirus programs out there that can take on all kinds of malicious threats that may attack your Windows 10 system.
Let’s learn more about it!
What is Systweak Antivirus?
Systweak Antivirus is one of the best Antivirus utilities for Windows PC. It keeps your computers and laptops protected from all kinds of malicious threats such as zero-day vulnerabilities, ransomware, malware, and viruses.
Systweak Antivirus – Features At A Glance
- Real-time protection against various kinds of malicious threats whilst running in the background and without affecting the functionalities of your PC
- Multiple scan types – Quick, Custom, and Deep – that ensure that malicious threats are removed even from the deepest corners of your PC
- Exploit protection
- Safe web browsing
- USB protection
How Can I Protect My Computer From Zero-Day Vulnerabilities Using Systweak Antivirus?
1. Download, install and run Systweak Antivirus
2. Click on the magnifying glass icon that you will be able to see on the left-hand side of the interface
3. Depending on how in-depth you want the virus scan to be, choose from Quick, Deep, and Custom scan
4. That’s it! If there is any possibility of a threat on your PC or laptop, it will be removed
Zero-day exploits shouldn’t stop you from enjoying devices or applications, but the need of the hour is to take special caution when using them. For instance, you can keep your operating system updated or install a security suite that can patch any such vulnerability. For more such information, watch this space.