The exploit was discovered by offensive security researcher Lawrence Amer, who was encouraged by the zero-day vulnerability discovered by another security researcher in the plug-and-play installation mechanism of Razer mice that also helped elevated privileges.
Having wondered if the same can be achieved with other devices, Amer found that the plug-and-play installation mechanism of SteelSeries devices was also exploitable.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
- We've put together a list of the best endpoint protection software
- Here's our choice of the best malware removal software on the market
- Check our list of the best firewall apps and services
“Since the process wrapper of this software is running with SYSTEM privileges, the attacker could abuse the installation path to launch a prompt command with the same permission,” explains Amer as he details the exploit.
Detailing the process, Amer notes that he tried a couple of things before he discovered that he could get elevated privileges during the SteelSeries keyboard setup process, using a link in the License Agreement screen that is opened with SYSTEM privileges.
More worryingly, BleepingComputer reports that threat actors can replicate this behaviour even without using a real SteelSeries device, thanks to a script written by penetration testing researcher István Tóth, which can be used to mimic human interface devices (HID) on Android phones.
Designed specifically for testing local privilege escalation attacks, the script can successfully emulate both Razer and SteelSeries devices.
After Amer published his research, Tóth posted a video on Twitter showing that the exploit could be replicated on devices virtualized by his script.
For their part, SteelSeries told BleepingComputer that it was aware of the research, because of which it has now disabled automatically launching the installer when a device is plugged.
"This immediately removes the opportunity for an exploit and we are working on a software update that will address the issue permanently and be released soon,” said the SteelSeries spokesperson.
- Protect your devices with these best antivirus software