Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices.
“This allows remote attackers to secretly inject keystrokes and launch independent attacks from host operating systems,” Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News.
The vulnerabilities have been codenamed BadCam by the firmware security company. The findings were presented at the DEF CON 33 security conference today.
The development likely marks the first time it has been demonstrated that a threat actor who gains control of a Linux-based USB peripheral that is already attached to a computer can weaponize it for malicious purposes.
In a hypothetical attack scenario, an adversary can take advantage of the vulnerability to send a backdoored webcam to a victim, or attach it to a computer if they are able to secure physical access, and then remotely issue commands to compromise the computer in order to carry out post-exploitation activity.
BadUSB, demonstrated a decade ago by security researchers Karsten Nohl and Jakob Lell at the 2014 Black Hat conference, is an attack that exploits an inherent vulnerability in USB firmware, essentially reprogramming it to execute commands on the victim’s computer.
“Unlike traditional malware, which remains in the file system and can often be detected by antivirus tools, BadUSB remains in the firmware layer,” Ivanti noted in an explanation of the threat published late last month. “Once connected to a computer, a BadUSB device can: simulate a keyboard to type malicious commands, install backdoors or keyloggers, redirect internet traffic, [and] exfiltrate sensitive data.”
In recent years, Google-owned Mandiant and the U.S. Federal Bureau of Investigation (FBI) have warned that the financially motivated threat group tracked as FIN7 has resorted to mailing “BadUSB” malicious USB devices to U.S.-based organizations to deliver a malware called DICELOADER.
Eclypsium’s latest discovery shows that a USB-based peripheral, such as a webcam running Linux, that was not initially intended to be malicious can be a vector for a BadUSB attack, marking a significant escalation. Specifically, it has been found that such devices can be remotely hijacked and transformed into BadUSB devices without ever being physically unplugged or replaced.
“An attacker who gains remote code execution on a system can reflash the firmware of an attached Linux-powered webcam, repurposing it to behave as a malicious HID or to emulate additional USB devices,” the researchers explained.
“Once armed, the seemingly innocuous webcam can inject keystrokes, deliver malicious payloads, or serve as a foothold for deeper persistence, while maintaining the external appearance and main functionality of a standard camera.”
In addition, threat actors with the ability to modify the webcam’s firmware can achieve a greater level of persistence, allowing them to re-infect the victim computer with malware even after it has been wiped and the operating system reinstalled.
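The behaviour described above, a webcam that keeps working as a camera while starting to act as a HID, shows up on the host as new interface classes on an already known device. The following is an added example, not code from Eclypsium or Lenovo; the vendor/product IDs, serials and the `find_personality_changes` helper are constructed for illustration.

```python
from dataclasses import dataclass

# USB-IF base class codes as reported in interface descriptors (bInterfaceClass).
USB_CLASS = {0x01: "audio", 0x03: "hid", 0x08: "mass-storage", 0x0E: "video"}
# Classes that let a peripheral type commands or deliver files to the host.
HIGH_RISK = {0x03, 0x08}


@dataclass(frozen=True)
class Enumeration:
    vid: int
    pid: int
    serial: str
    interface_classes: frozenset

    @property
    def key(self):
        return (self.vid, self.pid, self.serial)


def find_personality_changes(baseline, current):
    """Return findings for devices exposing interface classes absent from their baseline."""
    known = {e.key: e.interface_classes for e in baseline}
    findings = []
    for dev in current:
        if dev.key not in known:
            continue  # never-seen device: out of scope for this check
        added = dev.interface_classes - known[dev.key]
        if added:
            severity = "high" if added & HIGH_RISK else "review"
            names = sorted(USB_CLASS.get(c, f"0x{c:02x}") for c in added)
            findings.append((dev.key, names, severity))
    return findings


# Constructed sample data: IDs and serials are made up, not real device identifiers.
BASELINE = [
    Enumeration(0x1234, 0xABCD, "CAM-0001", frozenset({0x0E, 0x01})),
    Enumeration(0x1234, 0x0001, "KBD-0001", frozenset({0x03})),
]
CURRENT = [
    # Same camera identity, but it now also presents a HID interface.
    Enumeration(0x1234, 0xABCD, "CAM-0001", frozenset({0x0E, 0x01, 0x03})),
    Enumeration(0x1234, 0x0001, "KBD-0001", frozenset({0x03})),
]

if __name__ == "__main__":
    for key, names, severity in find_personality_changes(BASELINE, CURRENT):
        print(f"{key[0]:04x}:{key[1]:04x} serial={key[2]} added={names} severity={severity}")
```

A device that also changes its vendor or product ID enumerates as a new device, so this comparison needs to be paired with a separate allow-list check.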
The vulnerabilities in the Lenovo 510 FHD and Lenovo Performance FHD webcams relate to how the devices do not validate firmware, leaving them open to a complete compromise of the camera software through BadUSB-style attacks, given that they run Linux with USB gadget support.
Following responsible disclosure to Lenovo in April 2025, the PC manufacturer has released firmware updates (version 4.8.0) to mitigate the vulnerabilities and has worked with the Chinese company SigmaStar to release a tool that plugs the issue.
“This first-of-its-kind attack throws light on a subtle but deeply problematic vector: enterprise and consumer computers often trust their internal and external peripherals, even when those peripherals are capable of running their own operating systems and accepting remote instructions,” Eclypsium said.
“In the context of Linux webcams, unsigned or poorly protected firmware allows an attacker to subvert not only the host but also any future hosts the camera connects to, propagating the infection and sidestepping traditional controls.”