I was asking, "How can a Razer bug let you break into Windows? Is it a Razer device driver?" Yes. I'll just quote jonhat's tweet from the article:
Need local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click
Hah, I like that one. The other classic is Right Click -> New -> Shortcut -> cmd.exe in an explorer "open" window, typically one in an otherwise very locked-down environment.
This has recently got me service access on an old (but new in 2009!) ultrasound machine, for example, for getting raw data and dicom images off in a hurry when the proper authentication details were lost...
The real boss move was navigating a machine with a UI that involved a trackball, keyboard, touch screen(s), touch pad, weird array of custom buttons and a truly stupid menu system.
Configuring US machines is horrible.
But my major US machine rant is them burning metadata into the images (rather than displaying DICOM tags as an overlay). It’s beyond ridiculous.
Exactly! MR ("my" modality) has it right -- raw data and reconned images are very, very different and although most raw data never ends up in a dicom the mere fact that you genuinely could reconstruct dramatically different bits of info (e.g. magnitude vs phase images) means that the vast expanse of the dicom spec is wide enough to encompass all possible metadata requirements.
US machines do a lot of fun physics on proprietary FPGAs. For inexplicable reasons, every one I've ever worked with or done echo with saves the images as some variation on a theme of screenshots, shoehorned badly into a dicom wrapper, with the metadata burned at 640x480 px (or similar) on top. Even for clever derived modes like doppler -- even for annotations showing things like cardiac E/E' or E/A. They are laptops with a custom pcmcia / pcie card and a 100k-UNIT_OF_CURRENCY price tag, inevitably running a shitty OS with a shittier custom UI...
MRI is my modality of choice too. I’m currently loving most of what Siemens is up to (with some notable exceptions).
The hell of US knows no bounds. Most modalities calibrate a display and then display images (with varying degrees of post processing). US calibrates the screen, sometimes with each boot or even each probe change. Their black levels are abysmal.
> saves the images as some variation on a theme of screenshots
GE has a habit of making DICOMs from screen grabs. I’ve seen it on their PET, CT and MR systems. It causes irritating problems - like reference lines won’t work so you can’t cross reference.
Wow! What a trip down memory lane, I actually remember figuring this one out when I was.. dating myself here[1], about 7 years old, I really wanted to play my Thinking Things Collection 3.[2]
When I inevitably got caught I remember my dad let me have my own user, but put some sort of further time-restriction software on the PC, no idea what it was, but I figured out that if I timed Ctrl-Alt-Delete at just the right time during the start cycle, I could, if I worked fast enough, end the process before it locked me out of login. XD
Oh to be a 90s kid.
[1] to be fair though we didn't update Windows immediately on release and never had '98.
I remember our school administrator used to delete all our silly images we'd made with paint on the school PCs. We asked why but never got a good answer.
I figured out that putting a certain character in front of a file name made it not show up in explorer. So I did that to a folder in my home directory and put all my stuff there, accessing them from the command line instead. Never had them deleted, again.
Apart from the security issue, it's really annoying, too. Say you refuse to install the Razer device driver - after all the mouse will largely work fine without it thanks to HID. Every time you plug the mouse in, Windows re-runs the driver installer.
I just got a Razer Kiyo webcam, excellent stuff, but I had to open regedit to get it to stop asking me if I want to install additional software every time I plugged it in or rebooted.
It works fine without it, but whoever programmed this thing has never heard of a "No, and Don't Ask Me Again" Button.
In regedit, F3 for razerinstaller and add a DWORD key "Start" with value "4".
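The registry change in the comment above (a `Start` value of 4 under a service key, which is SERVICE_DISABLED) can be audited and applied from an elevated PowerShell session instead of by hand in regedit. This is an added example, not code from the thread or from Razer; the thread does not name the exact service key, so the `*razer*` name filter is an assumption to be adjusted to whatever F3 in regedit finds.

```powershell
# Added example (not from the thread): list service keys under the Services hive
# whose name matches a filter, show their Start value, and optionally set it to 4.
# Start: 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled.
param(
    [string]$NameFilter = '*razer*',   # assumption: adjust to the real key name
    [switch]$Disable                   # pass -Disable to set Start=4 on matches
)

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startLabels  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Note: $matches is a PowerShell automatic variable, so use a different name.
$serviceKeys = Get-ChildItem -Path $servicesRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like $NameFilter }

if (-not $serviceKeys) {
    Write-Host "No service keys under $servicesRoot match $NameFilter"
    return
}

foreach ($key in $serviceKeys) {
    $props = Get-ItemProperty -Path $key.PSPath
    $start = $props.Start
    $label = if ($null -ne $start -and $startLabels.ContainsKey([int]$start)) {
        $startLabels[[int]$start]
    } else {
        'unset'
    }

    [pscustomobject]@{
        Service   = $key.PSChildName
        ImagePath = $props.ImagePath
        Start     = $start
        Meaning   = $label
    } | Format-List

    if ($Disable -and $start -ne 4) {
        # Same change the comment describes: DWORD "Start" = 4 (requires elevation).
        Set-ItemProperty -Path $key.PSPath -Name Start -Value 4 -Type DWord
        Write-Host "Set Start=4 (Disabled) on $($key.PSChildName)"
    }
}
```

Run it without `-Disable` first to see what matches and what each key's `ImagePath` points at, so the filter only catches the installer service and not something unrelated. This only silences the install prompt the comment complains about; it does not change what Windows Update downloads and runs when the device is plugged in.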
(It wouldn't help to scan the filesystem, since the way the vulnerability works is that the driver will be automatically downloaded and run when a peripheral's plugged in.)