
SteelSeries Bug Can Grant You Admin Rights on Windows 10

 2 years ago
source link: https://www.makeuseof.com/steelseries-bug-windows-10/

SteelSeries Bug Can Grant Hackers Admin Rights on Windows 10

By Kinza Yasar

Published 2 hours ago

Similar to the recently discovered Razer Synapse vulnerability, the SteelSeries software bug has now emerged to threaten Windows users.

A recently found bug in the official app for SteelSeries devices can grant full administrative control to anyone who plugs a SteelSeries peripheral into a Windows 10 computer. This comes right after the discovery of the Razer Synapse bug with similar characteristics.

But how does this vulnerability grant administrative rights? And is SteelSeries doing anything to fix the bug?

How Does the SteelSeries Bug Work?

Lawrence Amer, a security researcher who recently discovered the Razer bug, also unearthed the SteelSeries vulnerability while playing with a SteelSeries keyboard, which granted him administrative rights through the Command Prompt in Windows 10.

According to Amer, this bug can be leveraged during the initial device setup process using a link in the License Agreement screen that is opened with SYSTEM privileges.

This vulnerability is not limited to any one device but can be applied to all SteelSeries peripherals including mice, keyboards, headsets, and so on.

In fact, you don't even need an actual device to exploit the vulnerability as you can simply emulate a SteelSeries device that lets you launch the installation process without ever plugging in any hardware.
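What a defender can observe here is a desktop program (the browser that opens the License Agreement link, or a Command Prompt) running as SYSTEM inside a user's logon session. The following added example, which is not from the article or from SteelSeries, scans process-creation events for that pattern; the field names follow Sysmon Event ID 1, while the events, account names and installer file name are constructed placeholders.

```python
# Added example: flag interactive programs running as SYSTEM on a user's desktop.
# Field names follow Sysmon Event ID 1; every event below is constructed.
import ntpath

INTERACTIVE = {"cmd.exe", "powershell.exe", "explorer.exe", "notepad.exe",
               "iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}

def is_system(event):
    return event.get("User", "").upper() == r"NT AUTHORITY\SYSTEM"

def lineage(event, by_guid):
    """Image names from the flagged process up through its captured ancestors."""
    chain, seen = [], set()
    while event is not None and event["ProcessGuid"] not in seen:
        seen.add(event["ProcessGuid"])
        chain.append(ntpath.basename(event["Image"]).lower())
        event = by_guid.get(event.get("ParentProcessGuid"))
    return chain

def find_system_ui(events):
    """Return (ProcessGuid, lineage) for SYSTEM-owned interactive programs
    in a user session; session 0 is where services legitimately run."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for e in events:
        name = ntpath.basename(e["Image"]).lower()
        if name in INTERACTIVE and is_system(e) and int(e["TerminalSessionId"]) != 0:
            hits.append((e["ProcessGuid"], lineage(e, by_guid)))
    return hits

def make_event(guid, parent, image, user, session):
    return {"ProcessGuid": guid, "ParentProcessGuid": parent, "Image": image,
            "User": user, "TerminalSessionId": session}

SYSTEM, ALICE = r"NT AUTHORITY\SYSTEM", r"DESKTOP-01\alice"  # constructed accounts
SAMPLE_EVENTS = [
    # hypothetical installer name, started as SYSTEM in the user's session
    make_event("g1", "g0", r"C:\Windows\Temp\vendor_setup.exe", SYSTEM, 1),
    make_event("g2", "g1", r"C:\Program Files\Internet Explorer\iexplore.exe", SYSTEM, 1),
    make_event("g3", "g9", r"C:\Windows\System32\cmd.exe", SYSTEM, 1),  # parent not captured
    make_event("g4", "g8", r"C:\Windows\System32\cmd.exe", ALICE, 1),   # ordinary user shell
    make_event("g5", "g7", r"C:\Windows\System32\cmd.exe", SYSTEM, 0),  # service, session 0
]

if __name__ == "__main__":
    for guid, chain in find_system_ui(SAMPLE_EVENTS):
        print(guid, " <- ".join(chain))
```

The lineage is there for triage: a hit whose ancestor is a device installer points at this class of bug, while a hit with no captured parent still deserves a look.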


Has SteelSeries Fixed the Bug?


So how can you protect yourself from this? The company has issued a statement regarding a fix:

“We are aware of the issue identified and have proactively disabled the launch of the SteelSeries installer that is triggered when a new SteelSeries device is plugged in. This immediately removes the opportunity for an exploit and we are working on a software update that will address the issue permanently and be released soon.”

In a nutshell, SteelSeries has fixed the exploit for the time being. Amer, however, is not convinced and claims that one could still save the vulnerable signed executable file in the temporary folder and run it when plugging in a SteelSeries device or an emulated one.

Do Not Share or Leave Your Device Unattended


With bugs like SteelSeries and Razer in the equation now, anyone with physical access to your Windows 10 device can potentially take full administrative control. Leaving devices unattended in public or sharing them with random people can also put you at risk of other vicious threats like phishing, malware injections, and Evil Maid attacks.

Never leave your device unattended and accessible to strangers because device security is just as important as software security.
