There's a security flaw for Razer devices right now, and it's a pretty big one. Just having a Razer dongle can provide you with admin rights to any PC, so long as you know a thing or two about computers.
This security flaw comes courtesy of Twitter user jonhat (by way of Ready Paper Shotgun) who published the flaw online so it becomes widely known. It's a simple, replicable process that anyone can do so long as they have physical access to the computer they want to hijack.
Step one is to have a Razer device, either a mouse or keyboard. Step two is to plug that device into a computer you want admin access to. Windows Update will automatically download Razer's Synapse software, which is a cloud-based hardware configurator. The benefit of Synapse is that you can bring your hardware configuration with you wherever you go so you can use your Razer mouse/keyboard on any PC and it'll always behave the same.
Related: You Can Sign Up To Beta Test Razer's RGB Face Mask
The downside is that Windows Update grants Synapse admin privileges in order to give Razer users that consistency in performance. Since Synapse has admin privileges, it's possible to open a PowerShell window during its installation and input commands with admin rights. This basically lets you do whatever you want so long as you know how to input PowerShell commands.
Worse, Synapse leaves a file on the target PC so that the hacker can potentially regain access whenever they want without need a Razer mouse at all.
The good news is that thanks to jonhat, Razer is now aware of the issue and will have a fix for this exploit out “ASAP.” Razer also offered jonhat a bounty even though he published their security flaw online, which was nice of them.
In the meantime, be careful if someone wants to use a Razer mouse on your computer.
Next: The Ascent's Stunning Cyberpunk City Is One Of The Best Video Game Settings Of The Year
