The official application for installing SteelSeries devices in Windows 10 can become a backdoor for someone to gain administrator privileges.
The bug can be exploited during the device setup process, through a link on the License screen that is opened with SYSTEM rights. A SteelSeries device is not required to exploit it.
The discovery comes after it was announced over the weekend that Razer Synapse software could be used to gain elevated privileges when connecting a Razer mouse or keyboard.
While playing with a recently acquired SteelSeries keyboard, researcher Lawrence Amer (head of the research team at 0xsp) discovered a privilege escalation vulnerability that allowed him to run Command Prompt in Windows 10 with administrator rights.
SteelSeries software isn't just for keyboards (Apex 7/Pro), though. It also installs and configures the manufacturer's mice (Rival 650/600/710) and headphones (Arctis 9, Pro). It even lets users control the RGB lighting on the QCK Prism gaming keyboard.
A SteelSeries device is not required for this attack to work. Researcher István Tóth published an open-source script that can emulate human interface devices (HID) from an Android phone, specifically for testing local privilege escalation (LPE).
Although still experimental, the script can be used successfully for both Razer and SteelSeries devices.