There’s another new Windows 10 alert to watch out for and until it’s fixed you might want to make sure nobody goes near your PC. The latest threat is scarily simple with hackers able to take full control of a computer simply by plugging in an accessory, such as a mouse, made by Razer. This hardware firm is one of the most popular on the planet with its bold and brash peripherals going down particularly well with the gaming community.
The shock bug was discovered by a researcher called jonhat who noticed that it was easy to access the highest level of permissions in Windows 10 when plugging in a Razer device for the first time. When a mouse is placed into the USB port Windows 10 automatically starts to run the Razer Synapse software to help get things connected.
This is meant to open up access to the system for a short period of time whilst it installs but jonhat found that it was simple to switch things and give anyone with the know-how full access to the system privileges.
It’s about as serious as it gets with anyone targeting the flaw then able to change settings, passwords and even install software including malware.
Posting his discovery on Twitter jonhat said: “Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click.”
To help back up the claims, the team at Bleeping Computer tried the hack and confirmed that they were able to access full permissions within a matter of minutes.
After his findings were published online Razer has been quick to respond with the firm now working hard on a fix.
Speaking to TechRadar Pro a spokesperson said: “We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process.
“We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly.”
Clearly, someone getting access to full system privileges by simply plugging in a mouse is pretty scary.
However, this is not a remote attack and the hacker will need physical access to a PC to initiate the attack.
So, as long as you don’t leave your laptop on the bus you should be fine.