Popular Gaming Company Has An Installation Software Server Vulnerability
You may not be familiar with the name "SteelSeries" unless you're a gamer.
The company makes an exceptional line of gaming gear including keyboards, mice, and gaming headsets.
If you buy one of their devices you will undoubtedly use the company's app to install and configure your new gear.
Unfortunately, the app has a bug that can be exploited by hackers to take full control of your system. You don't even need to actually own a SteelSeries device although it is unlikely that you'd install the app if you didn't have one.
The bug was discovered by a researcher named Lawrence Amer. He began investigating the SteelSeries installation app after hearing about a similar bug that impacted the Razer Synapse software. The theory was that since the two companies made similar products, their installation apps may suffer from similar weaknesses and limitations. That theory proved to be absolutely correct.
A spokesperson for SteelSeries had this to say about this issue:
"We are aware of the issue identified and have proactively disabled the launch of the SteelSeries installer that is triggered when a new SteelSeries device is plugged in. This immediately removes the opportunity for an exploit and we are working on a software update that will address the issue permanently and be released soon."
This is a somewhat exotic attack that won't impact a huge number of consumers so your risk is relatively low. Low risk is still greater than no risk, however. If you're a gamer just be aware that these issues exist and keep an eye out for the coming patch. The company hasn't released an ETA yet so we don't know for sure when it's coming but we know that it is.
Kudos to Mr. Amer for his keen eye and to SteelSeries for their prompt attention to the matter.
Join the Conversation