SteelSeries app exploit needs physical access, doesn’t need a device
It seems that Razer's rather simple zero-day vulnerability has opened a can of worms that can force accessory makers to rethink and reprogram their accompanying software. As one security researcher pointed out, the vulnerability can be found in other peripherals that also install their own helper applications, including those from the popular brand SteelSeries. While the same physical access to a Windows computer is still needed, the SteelSeries vulnerability has the potential to be worse because it doesn't even need a SteelSeries device to trigger it.
At the heart of the vulnerability is the way accessory makers such as Razer and SteelSeries install utility software after a mouse, keyboard, or other peripheral is plugged in. The software installer itself runs with SYSTEM privileges, but it also has a detour that ultimately allows an attacker to open a Command Prompt or PowerShell instance with the same SYSTEM access. That, in turn, allows the attacker to do almost anything with the computer, including installing malware.
Lawrence Amer from 0xSP found that the SteelSeries software installer is subject to the same vulnerability. The process is slightly different and longer because the attacker must first view the license agreement in a browser, try to save the web page, and then launch PowerShell from the file dialog that appears. However, other security researchers found that it is possible to spoof a SteelSeries product, so you don't even need to plug anything in.
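For defenders, the chain described above (an installer running as SYSTEM, then a browser, then a shell) leaves a recognisable process ancestry. The following is an added example, not code from the article or from either vendor: it scans constructed process-creation records for a SYSTEM-owned shell in an interactive session that descends from a browser. The record fields, the installer name `vendor_setup.exe` and the session-0 filter are assumptions made for the illustration.

```python
# Added example. All records below are constructed, not real telemetry.
SYSTEM = "NT AUTHORITY\\SYSTEM"
SHELLS = {"cmd.exe", "powershell.exe"}
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def ancestry(by_pid, pid):
    """Image names of a process's known ancestors, nearest first."""
    chain, seen = [], {pid}
    cur = by_pid.get(pid)
    while cur and cur["ppid"] in by_pid and cur["ppid"] not in seen:
        seen.add(cur["ppid"])
        cur = by_pid[cur["ppid"]]
        chain.append(basename(cur["image"]))
    return chain

def find_system_shells(events):
    """Flag SYSTEM shells on an interactive desktop that descend from a browser."""
    by_pid = {e["pid"]: e for e in events}  # ignores PID reuse for brevity
    alerts = []
    for e in events:
        if e["user"].upper() != SYSTEM or basename(e["image"]) not in SHELLS:
            continue
        if e["session"] == 0:  # assumption: session 0 has no user desktop
            continue
        chain = ancestry(by_pid, e["pid"])
        if any(name in BROWSERS for name in chain):
            alerts.append({"pid": e["pid"], "chain": chain})
    return alerts

def rec(pid, ppid, image, user, session):
    return {"pid": pid, "ppid": ppid, "image": image, "user": user, "session": session}

SAMPLE = [
    rec(900, 4, r"C:\Windows\System32\svchost.exe", SYSTEM, 0),
    # vendor_setup.exe is a hypothetical installer name, not from the article
    rec(1200, 900, r"C:\Windows\Temp\vendor_setup.exe", SYSTEM, 1),
    rec(1300, 1200, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", SYSTEM, 1),
    rec(1400, 1300, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", SYSTEM, 1),
    rec(2000, 900, r"C:\Windows\System32\cmd.exe", SYSTEM, 0),         # service task
    rec(3000, 2900, r"C:\Windows\System32\cmd.exe", r"CORP\alice", 1),  # normal user
]

if __name__ == "__main__":
    for alert in find_system_shells(SAMPLE):
        print(alert)
```

In real telemetry the same three conditions (SYSTEM token, interactive session, browser in the ancestry) would be evaluated over the endpoint's process-creation events rather than an in-memory list.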
An Android script can actually be used to mimic a new SteelSeries device, which triggers the entire process. While the script can also be used to disguise the phone as a Razer peripheral, Bleeping Computer says that the process does not trigger the Razer vulnerability because it does not require user interaction at all.
Again, physical access to a Windows computer whose desktop is not locked is required for this vulnerability to be exploited, so it's not a terrifying scenario like the recent PrintNightmare bug. That said, it does reveal how developers have written their application installers, and hopefully they will have fixes ready before someone comes along and exploits it.