A white-hat hacker recently discovered an odd exploit that allows a user to gain full administrative rights on Windows 10 just by plugging in certain Razer products and installing the company’s Synapse software. The trick works with other brands of mice, too; it turns out you can even get admin privileges using Apple hardware.
On the internet, a Twitter user revealed another similar exploit to Razer. The computer hardware company’s proprietary software gave itself system-wide privileges without asking for permission from the admin of that particular network.
This means someone can go into your workplace and plug in an unregistered wireless mouse dongle, install Synapse or SteelSeriesGG on their computers globally across all networks when they’re not around – potentially wreaking havoc if they mean harm against you personally or office efficiency as well!
Many people are not in any immediate danger from the new Razer USB. For a malicious user to plug this device into your PC, they would need physical access or spoof its unique ID and fool the computer’s system of belief that it is an authorized device (a process called “spoofing”).
If you think about it, if someone has stolen your laptop then there could be many things on it that might put you at risk for such attacks anyway!
Should you worry about it?
This all sounds rather worrying but how much danger does it actually put users in? A malicious user must have physical access to their target machine and either physically insert a Razer USB dongle or spoof its identification program so as to convince Windows/Mac OS X computers systems of authority. On desktop.
While you are away from your computer, be sure to lock the screen. There is a setting that will prevent Windows 10 from downloading custom hardware and software updates automatically (you may run into minor issues if this happens).
To disable it search for “Windows Device Installation Settings” in the Start menu where you can tell Windows not to download new drivers or manufacturer applications unless they’re signed by Microsoft.