Peripherals
Your keyboard, mouse, drawing tablet, Apple Pen, game controller, and so on are peripherals. By their nature they don't have much computing power inside: generally just enough to do their job and not more. From an attacker's point of view they aren't usually as easy to attack as IoT devices. There is little on board to run malicious code, and the protocols they speak (USB HID, Bluetooth pairing) have been in the computer world for decades and are well understood.
That doesn't mean it's impossible; it just means other targets are often easier, and other methods are easier too. Hiding a malicious device inside a corded mouse's USB plug, the hardware cousin of the juice-jacking attack the FCC warns about at public charging stations, is far simpler than breaking into a device's encrypted Bluetooth connection.
Some peripherals, however, need drivers. A driver is the program that tells the operating system how to talk to a particular device. A computer won't know how a specific drawing tablet works until the tablet is plugged in and its driver installed, and a Dell won't understand the Apple Pen without its related software. Most mice and keyboards don't need a vendor download, though: they speak the standard USB or Bluetooth HID (human interface device) profile, and the generic HID driver that handles it ships with Windows. That's why you can just plug in and go with most Bluetooth mice.
Razer's mice do more than the generic HID profile covers; for example, the computer has no built-in instructions for changing the color of the mouse's internal LEDs. So Razer ships its own software, Razer Synapse, and registers it with Windows so that plugging the device in automatically downloads and runs the installer. That automatic installation is where the vulnerability lives.
The Flaw
Razer's mouse doesn't magically make the user an admin just by plugging it in; the end user still has to know what they're looking at. When a Razer peripheral is plugged in, Windows Update fetches the Razer Synapse installer and runs it, and because Windows Update does its work as NT AUTHORITY\SYSTEM (the most privileged local account), the installer and its setup wizard run as SYSTEM too, while their windows appear on the logged-in user's desktop. One wizard step asks where to install the software and opens a standard Explorer browse dialog. In that dialog you can (or could) Shift+right-click the folder view and pick "Open PowerShell window here". PowerShell, Microsoft's automation and task framework, has no special privileges of its own; a new process simply inherits the account and privileges of the process that started it, and here that parent is the SYSTEM-level installer. The result is a PowerShell window running as SYSTEM, opened by a limited or restricted user account, without any administrator password. From that window the user can read or change anything on the machine as though they were an admin, something they could not have done without Razer's wizard.
This is a pretty big flaw.
The root cause is not where the driver files end up. It is that a process running as SYSTEM presented an interactive file dialog to an unprivileged user. Any such dialog is a launchpad, because Explorer's context menu can start arbitrary programs from it, and whatever it starts inherits SYSTEM. The installer should not have offered a browse dialog while running at that level (installing to a fixed folder under Program Files, as many programs do, would have avoided it), and, more fundamentally, Windows should not have run a vendor's full GUI installer as SYSTEM on a user's desktop in the first place; a plain driver package doesn't need a wizard.
This is a big flaw. However, it is a local privilege escalation, not a remote break-in: a malicious user still has to get onto the computer first, physically or remotely, be able to log in with some account, and plug in a Razer device. So it is a real risk wherever someone can sit down at an unlocked machine with a Razer mouse in their pocket (or scam their way into remote control of one), but it's not necessarily time to toss the Razer mice.
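As an added example (not from the original post or from Razer), the following PowerShell script shows the two things a defender would want to check after reading the above: what account a given shell really runs as, which it inherits from its parent process, and whether any command shell on the machine is running as SYSTEM inside an interactive desktop session, which is exactly what the wizard trick produces. It uses only built-in cmdlets and the Win32_Process WMI class; the list of shell names and the rule that session 0 is the non-interactive services session are assumptions about a standard Windows 10 setup.

```powershell
# Added example (not from the original post or from Razer).
# Part 1: what does this shell actually run as? A process inherits its token
# from whatever launched it, so a PowerShell window opened from a SYSTEM-level
# installer reports SYSTEM here even though a limited user clicked it open.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

$me     = Get-CimInstance Win32_Process -Filter "ProcessId = $PID"
$parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($me.ParentProcessId)"
$parentOwner = if ($parent) { Invoke-CimMethod -InputObject $parent -MethodName GetOwner } else { $null }

[pscustomobject]@{
    User            = $identity.Name
    IsSystem        = $identity.IsSystem
    IsAdministrator = $isAdmin
    SessionId       = $me.SessionId
    Parent          = if ($parent) { $parent.Name } else { '<exited>' }
    ParentOwner     = if ($parentOwner -and $parentOwner.ReturnValue -eq 0) {
                          "$($parentOwner.Domain)\$($parentOwner.User)"
                      } else { '<unknown>' }
} | Format-List

# Part 2: hunt for SYSTEM-owned shells in interactive sessions.
# Assumption: session 0 is the services session, where SYSTEM shells are normal
# (scheduled tasks, services). A SYSTEM cmd/powershell in session 1 or higher
# means a privileged process spawned a shell on someone's desktop.
$shellNames = "Name = 'powershell.exe' OR Name = 'pwsh.exe' OR Name = 'cmd.exe'"
$shells = Get-CimInstance Win32_Process -Filter $shellNames

$suspicious = foreach ($p in $shells) {
    # GetOwner can fail (ReturnValue != 0) for privileged processes when this
    # script itself runs as a standard user; those entries are skipped.
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    if ($p.SessionId -ne 0 -and $owner.ReturnValue -eq 0 -and $owner.User -eq 'SYSTEM') {
        $pp = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        [pscustomobject]@{
            Pid         = $p.ProcessId
            Name        = $p.Name
            SessionId   = $p.SessionId
            Owner       = "$($owner.Domain)\$($owner.User)"
            Parent      = if ($pp) { $pp.Name } else { '<exited>' }
            CommandLine = $p.CommandLine
        }
    }
}

if ($suspicious) {
    $suspicious | Format-Table -AutoSize
} else {
    'No SYSTEM-owned shells in interactive sessions.'
}
```

Run it from the PowerShell window the wizard opened and Part 1 reports NT AUTHORITY\SYSTEM with an installer as the parent; run it from a normal shell and Part 2 lists that window. For a complete picture run the script elevated, because owner lookups on privileged processes can fail from a standard user account and such entries are left out rather than guessed at.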
Razer
Razer peripherals are generally marketed to gamers, but they work as ordinary peripherals too. They're expensive for what is, in an office, just a mouse, and their high precision is designed for games, not Excel sheets, so many people (and many businesses) prefer something lighter and cheaper for office computers. Why bring an 18-wheeler when a pickup truck will do the trick? The same goes for their gaming chairs, computers, keyboards, and so on: something perfectly designed for gaming can also do office work, but it looks and feels a bit ridiculous doing it.
Razer's whole image is scorpions and snakes, green and black, Matrix-style high-tech imagery. They occasionally sell multipurpose gear, but their marketing is overwhelmingly aimed at gamers, promising top-of-the-line peripherals with accuracy and speed that plain Dell or third-party peripherals can't always deliver.
The company knows this. Razer's priority is ease of use rather than security, so it may overlook a basic security flaw every once in a while, and I don't really blame them for missing something like this in testing. After all, it was Windows that chose to run their installer as SYSTEM on a user's desktop, so the platform shares the blame, right?
Sources:
https://lifehacker.com/you-can-gain-admin-privileges-to-any-windows-machine-by-1847537634
https://www.fcc.gov/juice-jacking-dangers-public-usb-charging-stations