Getting Razer Burns from Android Phone-ies
when: Sat, 13 Nov 2021 13:45:00 +1300
where: The Michael Fowler Centre
On a lazy afternoon, I came across a Tweet that caught my attention. It was a demonstration of a local privilege escalation vulnerability that is possible when plugging a Razer device into any Windows machine.
Whilst the vulnerability itself is very cool, some further discussion about the possibility of spoofing a USB device so that Windows identifies it as a Razer product is what really caught my eye. Intrigued, I decided to go about doing this using my old Android mobile to see if this was possible.
Along the way, I learned a lot about how USB devices are configured, how Windows interprets USB devices and how third-party drivers and packages are installed when devices are first plugged in. I also learned how to spoof USB devices to control the behavior of Windows in a variety of different ways. Most importantly, I came to understand that this is not a vulnerability exclusive to Razer devices, and is rather a fundamental flaw in the way Windows handles all USB device installations.
My full-time job is talking absolute nonsense and laughing at my own jokes, but I also try to do security stuff on the side.