Windows 10's security was thwarted yet again, this time by SteelSeries peripherals


Recently, a white hat hacker discovered an odd exploit which allows you to give yourself full admin rights on a Windows 10 PC just by plugging in a Razer mouse and installing Razer Synapse. It turns out it's not just Razer products that can do this, though.  

Twitter user @zux0x3a discovered a similar exploit with SteelSeries headsets, mice, and keyboards. As with the Razer products, the problem lies with the hardware's proprietary software, which gives itself system-wide privileges without asking for the system administrator's permission. Theoretically, someone could go to your workplace PC when you're not around and plug in the dongle for a wireless Razer or SteelSeries mouse, install Synapse or SteelSeriesGG, and gain full system privileges, which could wreak havoc on a corporate network if they mean to do harm.

Initially, the fault was thought to be with Razer or SteelSeries. But as Tom's Guide points out, this is more of a Windows issue: It can't distinguish between hardware drivers (things that usually don't need admin permissions) and peripheral software (which does).

For the moment, the recommendation if you want your PC to be locally secure (the exploit only works if someone has physical access) is to make sure your screen is locked while you're away. You can also find the Windows Device Installation Settings prompt (search for it from the Start menu), where you can tell Windows not to automatically download hardware manufacturer apps and custom icons. (With that setting turned off, you may run into minor issues the next time you plug in a new device.)

A spokesperson for SteelSeries told our friends over at Tom's Guide:

"We are aware of the issue identified and have proactively disabled the launch of the SteelSeries installer that is triggered when a new SteelSeries device is plugged in. This immediately removes the opportunity for an exploit, and we are working on a software update that will address the issue permanently and be released soon."

Jorge Jimenez
Hardware writer, Human Pop-Tart