A vulnerability in Lenovo webcams that run on Linux can be exploited remotely, allowing for potential BadUSB attacks.
Cybersecurity researchers have identified vulnerabilities in specific Lenovo webcam models that could enable them to function as BadUSB attack devices. The flaws allow remote attackers to covertly inject keystrokes and launch attacks that operate independently of the host operating system. The vulnerabilities, referred to as BadCam, were detailed in a report by Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael, and were presented at the DEF CON 33 security conference. The finding is significant because it demonstrates that threat actors can weaponise a Linux-based USB peripheral that is already connected to a computer.
In a potential attack scenario, an adversary could exploit this vulnerability by sending a victim a backdoored webcam or, given physical access, by attaching one to a computer. Once compromised, the webcam can be remotely controlled to execute commands that facilitate post-exploitation activities.
BadUSB attacks, first showcased by researchers Karsten Nohl and Jakob Lell at the 2014 Black Hat conference, exploit inherent vulnerabilities in USB firmware, allowing attackers to discreetly execute commands or run malicious software. Unlike traditional malware, which resides in the file system and can often be detected by antivirus tools, BadUSB operates at the firmware level, making it more challenging to identify. The latest findings from Eclypsium indicate that Linux-powered webcams, initially designed for benign use, can be transformed into vectors for BadUSB attacks, representing a notable escalation in cybersecurity threats.