A latest “hack” involving a Razer mouse reveals what can occur if a brand new piece of {hardware} mechanically downloads the required utility software program: It will possibly enable an attacker to take over a PC.
Late final week, safety researcher “j0nh4t” confirmed that the RazerInstaller utility might be used to raise privileges on a PC, giving an attacker complete management. Primarily, all a person would want to do is connect a Razer mouse, look forward to Razer’s utility software program to obtain, after which run PowerShell. Utilizing the method that jonh4t described in his tweet, a visitor account on a PC may acquire administrator standing and management the PC.
To be truthful, anytime an attacker has bodily management of a PC, you’re in danger—which means the hacker is both seated at your desk or has stolen your laptop computer. The researcher additionally reported that Razer is busy engaged on a patch.
It’s not clear, nonetheless, whether or not Razer will tackle the elemental problem: Sure, it’s handy for Razer to mechanically push its utility to your PC. Then again, when that occurs, you by no means fairly know what your PC will obtain. (Shield your self through the use of PCWorld’s really helpful antivirus packages.) Asking the person to obtain Razer’s utility, reasonably than doing it for them, could be a step towards fixing that drawback.
Source link
