Eclypsium researchers uncovered vulnerabilities in Lenovo webcams, dubbed BadCam, that can be weaponized into BadUSB devices to inject keystrokes and launch OS-independent attacks. This demonstrates a new threat where remote hijacking of Linux-based USB peripherals can lead to persistent and stealthy cyberattacks. #BadCam #LenovoWebcams
Keypoints
- Researchers found that Lenovo webcams running Linux are vulnerable to firmware hijacking.
- BadUSB exploits allow attackers to reprogram firmware and turn webcams into malicious HID devices.
- Attackers can remotely flash compromised webcams with malicious firmware, even after system reinstallations.
- Lenovo responded by releasing an update with signature validation to address these vulnerabilities.
- The findings highlight the need for firmware signing and better hardware trust models in cybersecurity.