Scary Razer hack turns your gaming mouse into a Windows 10 security flaw

Razer Orochi V2 review
(Image credit: Rami Tabari)

Your Razer gaming mouse could be turned into a weapon against Windows 10 PCs. 

As reported by BleepingComputer, a zero-day flaw in the Razer Synapse software grants Windows admin privileges to anyone who plugs their Razer mouse or keyboard into a Windows 10 laptop or desktop. 

Used by more than 100 million users, Razer Synapse is a program that lets you customize your gaming accessories. It was made so you could set macros, assign buttons, and change your RGB lighting — now it can help a bad actor effectively gain control of someone's computer.

See more

The software vulnerability was discovered by security researcher jonhat who disclosed the bug on Twitter after informing Razer and not receiving a response. According to jonhat, after a Razer mouse is plugged in, the PC in use will automatically download and execute the Razer Synapse software. Because it is launched by a process with SYSTEM privileges, those privileges are inherited by Synapse. 

As you're manually choosing which folder to install the Synapse software in, there is a way to open a PowerShell window. The software install with heightened privileges will then hand over those privileges to PowerShell during the download process. At this point, the Razer mouse owner could execute any desired command and install malicious programs.

Even more concerning is that Will Dormann, a vulnerability analyst at CERT/CC, believes similar bugs will be found in other software that use the Windows plug-and-play process. 

Razer working on a fix

The zero-day vulnerability spread like wildfire across social media before getting the attention of Razer. The company told jonhat that it is working on a fix, though no timeline was given for when it'll arrive. 

Although the vulnerability was publicly disclosed, Razer offered jonhat a bounty for bringing this troubling flaw to their attention. 

Phillip Tracy

Phillip Tracy is the assistant managing editor at Laptop Mag where he reviews laptops, phones and other gadgets while covering the latest industry news. After graduating with a journalism degree from the University of Texas at Austin, Phillip became a tech reporter at the Daily Dot. There, he wrote reviews for a range of gadgets and covered everything from social media trends to cybersecurity. Prior to that, he wrote for RCR Wireless News covering 5G and IoT. When he's not tinkering with devices, you can find Phillip playing video games, reading, traveling or watching soccer.