A new vulnerability in how Razer computer mice integrate with a PC system has the potential to become an entry point for hackers.
The news broke after a hacker on Twitter identifying themselves as "jonhat" (@j0nh4t) uploaded a video of the software being exploited. We won't link it here for security reasons, but essentially jonhat abused the way the company's mouse handles downloading its appropriate drivers from the internet. The mouse automatically downloads its files as the "SYSTEM" account, which is, simply put, an account with unlimited access. Jonhat hijacked this process to give themselves administrative privileges.
The video was originally uploaded on Saturday, Aug. 21, after which jonhat reached out to Razer to alert them to the exploit. Razer did not issue a response to jonhat until the following day, Aug. 22, just over 24 hours later. According to jonhat, Razer explained that their "security team is working on a fix ASAP."
The company offered a bounty for finding the issue as well.
At the time of writing, however, a fix still has not been issued. A few replies to jonhat's video also pointed out that the problem wasn't just with Razer's software. Other similar applications that take advantage of the automatic download prompt are also at risk. Razer may not be the only one who needs to give the process a facelift.
Most say the easiest fix is to simply remove the automatic download and instead redirect users to a site where they need to manually install the drivers. Whether Razer goes this route, however, remains to be seen.