The official application for installing SteelSeries devices in Windows 10 can become a backdoor for someone to gain administrator privileges.
Exploitation of the bug is possible during procedure device setup, using a link on the License screen, which opens with rights SYSTEM. A SteelSeries device is not required to exploit the bug.
Η discovery comes after it was announced over the weekend that Razer Synapse software can be used to gain elevated privileges while connection Razer mouse or keyboard.
Playing with a recently acquired SteelSeries keyboard, the researcher Lawrence Amer (head of research team at 0xsp), discovered a privilege scaling vulnerability that allowed it to run the command line in Windows 10 with administrator privileges.
But SteelSeries software is not just for keyboards (Apex 7 / Pro). Installs and allows the configuration of mice (Rival 650/600/710) and headphones (Arctis 9, Pro) by the manufacturer. It even lets users control the RGB backlight on the QCK Prism gaming keyboard.
A SteelSeries device is not required for this attack to work. Researcher István Tóth published a script open source that can mimic human interface (HID) devices on an Android phone, especially for local privilege escalation (LPE).
Although an experimental version, the script can be used successfully on both Razer and SteelSeries devices.