Red Hot Cyber

BadUSB. Webcam Spyware: The Lenovo Bug Threatening Millions of PCs

Redazione RHC : 11 August 2025 09:19

Researchers at Eclypsium have identified dangerous vulnerabilities in the Lenovo 510 FHD and Lenovo Performance FHD webcams that can be transformed into BadUSB attack devices. The issue, dubbed BadCam, was presented at DEF CON 33. Experts emphasize that this is the first documented case in which a Linux device already connected to a computer can be remotely reprogrammed and used as a malicious USB device.

BadUSB attacks have been known since 2014, when Karsten Nohl and Jakob Lell demonstrated the ability to modify the firmware of USB devices to silently execute commands and launch malicious code. Unlike traditional malware stored in the file system, these attacks operate at the firmware level, making them virtually invisible to antivirus software. These devices can emulate a keyboard, intercept input, install backdoors, redirect traffic, and steal data.

In the scenario described by the researchers, an attacker can send a compromised webcam to the victim or physically connect it to a computer, then remotely take control of it. The device then begins acting as an HID emulator or additional USB device, issuing commands, sending payloads, and injecting itself into the system, while retaining the functionality of a regular camera. Furthermore, a camera modified in this way can reinfect a computer even after the operating system has been reinstalled.

The vulnerability is caused by the lack of firmware authentication and the presence of USB Gadget support in Linux. This allows the device’s software to be completely compromised. After the issue was discovered in April 2025, Lenovo released a firmware update to version 4.8.0 and, in collaboration with SigmaStar, prepared a tool to fix the flaw.

Experts point out that this attack demonstrates a dangerous flaw in the trust model: both business and home systems often automatically trust peripherals that can execute code and accept remote instructions. Vulnerable devices can pose a threat not only to the computer you’re using, but also to any other computers they’re subsequently connected to.
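The behavior described above, a camera that keeps working as a camera while also enumerating as an HID device, can be checked for on the host by comparing the USB interfaces a device exposes against a recorded baseline. The following is an added example, not code from Eclypsium, Lenovo, or this article; the listing format, port names, and vendor/product IDs are constructed placeholders, and only the USB class codes (0x03 HID, 0x0E Video) are real.

```python
from collections import defaultdict

USB_CLASS_HID = 0x03          # USB-IF base class: Human Interface Device
USB_CLASS_VIDEO = 0x0E        # USB-IF base class: Video
HID_PROTOCOL_KEYBOARD = 0x01  # HID interface protocol: keyboard

# Constructed sample, one interface per line: "port vid:pid class/subclass/protocol"
# (the values Linux sysfs exposes as bInterfaceClass/bInterfaceSubClass/
# bInterfaceProtocol). The IDs are placeholders, not real Lenovo identifiers.
BASELINE = """\
1-2 aaaa:0001 0e/01/00
1-2 aaaa:0001 0e/02/00
1-3 bbbb:0002 03/01/01
"""
CURRENT = """\
1-2 aaaa:0001 0e/01/00
1-2 aaaa:0001 0e/02/00
1-2 aaaa:0001 03/01/01
1-3 bbbb:0002 03/01/01
"""

def parse(listing):
    """Return {(port, vidpid): {(class, subclass, protocol), ...}}."""
    devices = defaultdict(set)
    for line in listing.splitlines():
        port, vidpid, triple = line.split()
        devices[(port, vidpid)].add(tuple(int(x, 16) for x in triple.split("/")))
    return dict(devices)

def audit(baseline, current):
    """Return sorted (port, vidpid, reason) findings for suspicious devices."""
    base, findings = parse(baseline), []
    for key, ifaces in parse(current).items():
        classes = {c for c, _, _ in ifaces}
        keyboard = any(c == USB_CLASS_HID and p == HID_PROTOCOL_KEYBOARD
                       for c, _, p in ifaces)
        if USB_CLASS_VIDEO in classes and keyboard:
            findings.append((*key, "camera also enumerates as HID keyboard"))
        # Drift check applies only to devices already present in the baseline.
        added = ifaces - base.get(key, ifaces)
        if added:
            detail = ", ".join("%02x/%02x/%02x" % t for t in sorted(added))
            findings.append((*key, "new interfaces since baseline: " + detail))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(*finding)
```

Some legitimate cameras expose a vendor HID interface for buttons, so the baseline comparison is the stronger of the two signals; the keyboard heuristic alone can miss HID interfaces that do not declare the keyboard protocol.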
