A major security risk was exposed for Windows 10 and 11 computers this weekend. An intruder only needs a computer mouse or keyboard from Razer to gain full control of a computer if they get physical access to it.
When the mouse or keyboard is connected to the computer, Razer’s support software Synapse will be automatically installed by Windows. The program basically allows you to customize the accessories with lights, keyboard shortcuts, and more. After the Synapse program is installed, even people with very basic computer knowledge will quickly be able to get access and do whatever they want on the computer.
All they have to do is right-click in Windows Explorer while holding down the “Shift” key. They can open Windows PowerShell, and run commands freely as an administrator, even if your account is limited as a local user. With administrator access, unauthorized persons can install programs that monitor the activity on the machine, find your passwords, track you, and more.
After the Twitter user jonhat ” j0nh4t ” went public this weekend with the procedure for exploiting the security hole, Razer told him that they are working on a fix, though no timeline was given for when it’ll arrive. Razer also offered him a reward for spotting this issue and bringing it to their attention.
It is not known if other accessory manufacturers that also use Windows to install software for themselves are affected by a similar security challenge as Razer’s Synapse software. The best you can do is to not leave it open when you are out and always lock it with a password If you are concerned about the security of your computer.