

Ethical Hacking News

A New Layer of Malice: The Evolving Threat of BadUSB and the Unpatched Vulnerabilities of Lenovo Webcams


Researchers at Eclypsium have discovered a vulnerability in select model webcams from Lenovo that can be exploited to turn them into BadUSB attack devices, highlighting the growing concern surrounding USB-based peripherals and the need for manufacturers and consumers to take proactive measures to protect against such threats.

  • Researchers at Eclypsium discovered a vulnerability in select Lenovo webcams that can be exploited for BadUSB attacks.
  • The vulnerability, codenamed "BadCam", relates to how Lenovo webcams running Linux with USB Gadget support do not validate firmware.
  • An attacker can remotely hijack a webcam device and transform it into a BadUSB device without physical unplugging or replacement.
  • Weaponized webcams can deliver malicious payloads, inject keystrokes, serve as a foothold for deeper persistence, or exfiltrate sensitive data.
  • Threat actors with firmware modification capabilities can achieve greater persistence and re-infect victim computers even after a reinstallation of the operating system.



  • Linux-Based Lenovo Webcams' Flaw Can Be Remotely Exploited for BadUSB Attacks


    In a disturbing revelation that highlights the ever-evolving nature of cybersecurity threats, researchers at Eclypsium have discovered a vulnerability in select model webcams from Lenovo that can be exploited to turn them into BadUSB attack devices. This latest development underscores the growing concern surrounding the risks associated with USB-based peripherals and the need for manufacturers and consumers alike to take proactive measures to protect against such threats.


    The discovery was made public at the DEF CON 33 security conference, where the Eclypsium researchers presented their findings. The vulnerabilities in question have been codenamed "BadCam" by the firmware security company, and they relate to how Lenovo webcams running Linux with USB Gadget support do not validate firmware.


    According to Paul Asadoorian, Mickey Shkatov, and Jesse Michael, the researchers who discovered this vulnerability, it is possible for an attacker to remotely hijack a webcam and transform it into a BadUSB device without the device ever being physically unplugged or replaced. This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system.


    The implications of this discovery are far-reaching and unsettling. For instance, once a webcam has been weaponized using this method, it can be used to deliver malicious payloads, inject keystrokes, serve as a foothold for deeper persistence, or even exfiltrate sensitive data while maintaining its outward appearance and core functionality as a standard camera.
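One defensive check that follows from the behaviour described above, as an added example (not code from Eclypsium, Lenovo or the original article): compare the USB interface classes a known peripheral exposes against a recorded baseline, and flag a camera that starts presenting a HID keyboard interface. The modalias strings, the `AAAA:BBBB` device ID and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Linux publishes one modalias string per USB interface in sysfs
# (/sys/bus/usb/devices/<bus>-<port>:<cfg>.<intf>/modalias).
MODALIAS = re.compile(
    r"usb:v(?P<vid>[0-9A-F]{4})p(?P<pid>[0-9A-F]{4})d[0-9A-F]{4}"
    r"dc[0-9A-F]{2}dsc[0-9A-F]{2}dp[0-9A-F]{2}"
    r"ic(?P<cls>[0-9A-F]{2})isc(?P<sub>[0-9A-F]{2})ip(?P<proto>[0-9A-F]{2})"
)
CLASS_NAMES = {0x01: "audio", 0x03: "hid", 0x08: "mass-storage", 0x0E: "video"}

# Constructed sample data: a webcam (placeholder ID AAAA:BBBB) as first enrolled.
BASELINE = [
    "usb:vAAAApBBBBd0100dcEFdsc02dp01ic0Eisc01ip00in00",  # video control
    "usb:vAAAApBBBBd0100dcEFdsc02dp01ic0Eisc02ip00in01",  # video streaming
    "usb:vAAAApBBBBd0100dcEFdsc02dp01ic01isc01ip00in02",  # audio control (mic)
]
# Constructed: the same device later also enumerates a HID boot keyboard.
CURRENT = BASELINE + ["usb:vAAAApBBBBd0100dcEFdsc02dp01ic03isc01ip01in03"]

def interfaces_by_device(modaliases):
    """Group (class, subclass, protocol) triples by 'VID:PID'."""
    devices = defaultdict(set)
    for line in modaliases:
        m = MODALIAS.match(line.strip())
        if m:
            devices[f"{m['vid']}:{m['pid']}"].add(
                (int(m["cls"], 16), int(m["sub"], 16), int(m["proto"], 16)))
    return devices

def new_interface_findings(baseline, current):
    """Report interface classes a known device did not expose at baseline."""
    before, after = interfaces_by_device(baseline), interfaces_by_device(current)
    findings = []
    for dev, ifaces in sorted(after.items()):
        if dev not in before:
            continue  # never-seen devices belong to a separate allowlist check
        known = {cls for cls, _, _ in before[dev]}
        for cls, sub, proto in sorted(ifaces):
            if cls in known:
                continue
            label = CLASS_NAMES.get(cls, f"class-0x{cls:02x}")
            if (cls, sub, proto) == (0x03, 0x01, 0x01):
                label = "hid-boot-keyboard"  # HID, boot subclass, keyboard
            findings.append((dev, label))
    return findings
```

This only catches changes that are visible at enumeration; modified firmware controls every descriptor the device reports, so the check complements the firmware update rather than replacing it.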


    Furthermore, threat actors with the ability to modify the firmware of a Lenovo webcam can achieve a greater level of persistence, allowing them to re-infect a victim computer with malware even after it has been wiped and the operating system is reinstalled. This highlights the significant escalation in the threat landscape surrounding BadUSB attacks.


    The development also underscores the importance of responsible disclosure and collaboration between researchers, manufacturers, and regulatory bodies. In this case, Lenovo took steps to address the vulnerability by releasing firmware updates (version 4.8.0) that mitigate the vulnerabilities, and collaborated with SigmaStar to release a tool that plugs the issue.


    "This first-of-its-kind attack highlights a subtle but deeply problematic vector: enterprise and consumer computers often trust their internal and external peripherals, even when those peripherals are capable of running their own operating systems and accepting remote instructions," Eclypsium said in a statement.


    "In the context of Linux webcams, unsigned or poorly protected firmware allows an attacker to subvert not just the host but also any future hosts the camera connects to, propagating the infection and sidestepping traditional controls."


    The findings also resonate with the broader context surrounding BadUSB attacks. First demonstrated over a decade ago by security researchers Karsten Nohl and Jakob Lell at the 2014 Black Hat conference, BadUSB is an attack that exploits an inherent vulnerability in USB firmware.


    Unlike traditional malware, which lives in the file system and can often be detected by antivirus tools, BadUSB lives in the firmware layer. This allows it to execute malicious commands or run programs on the victim's computer without being easily detected.


    The discovery of vulnerabilities in Lenovo webcams also echoes recent warnings from Google-owned Mandiant and the U.S. Federal Bureau of Investigation (FBI) regarding the FIN7 threat group, which has resorted to mailing U.S.-based organizations "BadUSB" malicious USB devices to deliver malware called DICELOADER.


    As cybersecurity threats continue to evolve at an unprecedented pace, it is essential for manufacturers, consumers, and regulatory bodies to remain vigilant and proactive in addressing these emerging risks. The discovery of vulnerabilities in Lenovo webcams highlights the need for greater awareness and vigilance surrounding the use of USB-based peripherals and the importance of keeping firmware up to date.


    In conclusion, the recent revelation about the vulnerability in select model webcams from Lenovo underscores the growing concern surrounding BadUSB attacks and the need for manufacturers and consumers to take proactive measures to protect against such threats. As the threat landscape continues to evolve, it is essential to remain vigilant and proactive in addressing emerging risks and ensuring the security of our digital lives.





    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-New-Layer-of-Malice-The-Evolving-Threat-of-BadUSB-and-the-Unpatched-Vulnerabilities-of-Lenovo-Webcams-ehn.shtml

  • https://thehackernews.com/2025/08/linux-based-lenovo-webcams-flaw-can-be.html


  • Published: Sat Aug 9 15:30:43 2025 by llama3.2 3B Q4_K_M












