Security researchers have uncovered a concerning vulnerability that transforms everyday USB webcams into covert attack tools capable of injecting malicious keystrokes and executing unauthorized commands on connected computers.
This groundbreaking discovery represents the first documented case of weaponizing USB devices that are already attached to systems and were not originally designed for malicious purposes.
Researchers Jesse Michael and Mickey Shkatov from Eclypsium presented their findings at DEF CON 2025, demonstrating how specific Lenovo webcam models running Linux can be remotely compromised and converted into BadUSB attack devices.
The vulnerability affects Lenovo 510 FHD and Lenovo Performance FHD webcams manufactured by SigmaStar, which utilize ARM-powered System-on-Chip processors running full Linux operating systems.
The BadUSB Threat Landscape
BadUSB attacks exploit fundamental trust relationships between computers and USB peripherals by reprogramming device firmware to masquerade as human interface devices (HIDs).
First demonstrated at Black Hat 2014, these attacks have evolved significantly, with hardware platforms like Hak5 Rubber Ducky and Flipper Zero enabling sophisticated USB-based exploits that often bypass traditional antivirus software.
Unlike traditional BadUSB attacks requiring physical device replacement, attackers can now remotely hijack Linux-powered webcams already connected to target systems, transforming them into persistent attack vectors while maintaining their original camera functionality.
Technical Vulnerability Details
The core vulnerability stems from missing firmware signature validation in affected webcams. These devices use SigmaStar’s SSC9351D ARM Cortex-A7 dual-core processor with embedded DDR3 memory, running Linux with USB Gadget support.

This Linux USB gadget feature allows devices to present themselves as various USB peripherals, including keyboards or network adapters, to host computers.
Attackers can exploit this by sending specific commands over USB to erase and rewrite the webcam’s onboard SPI flash memory, achieving complete device compromise.
The research revealed that firmware updates involve straightforward command sequences that directly write new firmware without validation, enabling malicious code injection.
Two primary attack paths exist: physical installation of pre-compromised webcams or remote infection of existing devices through system compromise.
Once weaponized, these webcams can re-infect host computers even after complete operating system reinstallation, providing unprecedented persistence capabilities.
The vulnerability’s scope may extend beyond the tested Lenovo models, as other manufacturers produce Linux-based USB peripherals with similar hardware platforms and potentially identical security flaws.
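A host-side check for the behaviour described above, added here as an example (it is not code from Eclypsium, Lenovo or SigmaStar): it walks a Linux sysfs-style USB tree and flags any device that exposes a video interface together with a HID or CDC interface. The function names and the sample tree are constructed for illustration; the class codes are the standard USB-IF values.

```python
import os, tempfile

VIDEO = 0x0E                      # USB-IF class code: Video (UVC)
UNEXPECTED = {0x03: "HID", 0x02: "CDC (network/serial)", 0x0A: "CDC-Data"}

def read_hex(path):
    with open(path) as fh:
        return int(fh.read().strip(), 16)

def interface_classes(root):
    """Map device name -> list of bInterfaceClass values from a sysfs-style tree."""
    devices = {}
    for entry in sorted(os.listdir(root)):
        if ":" not in entry:      # interface dirs look like "1-2:1.0"
            continue
        cls_file = os.path.join(root, entry, "bInterfaceClass")
        if os.path.isfile(cls_file):
            devices.setdefault(entry.split(":")[0], []).append(read_hex(cls_file))
    return devices

def suspicious_cameras(root="/sys/bus/usb/devices"):
    """Return {device: [class names]} for video devices that also expose HID/CDC."""
    findings = {}
    for dev, classes in interface_classes(root).items():
        if VIDEO in classes:
            extra = sorted({UNEXPECTED[c] for c in classes if c in UNEXPECTED})
            if extra:
                findings[dev] = extra
    return findings

def build_sample_tree(layout):
    """Constructed fixture: write a fake sysfs tree from {interface_dir: class}."""
    root = tempfile.mkdtemp()
    for iface, cls in layout.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "bInterfaceClass"), "w") as fh:
            fh.write(f"{cls:02x}\n")
    return root

# Constructed sample: 1-1 is a plain camera (video + audio); 1-2 also enumerates HID.
SAMPLE = {"1-1:1.0": 0x0E, "1-1:1.1": 0x0E, "1-1:1.2": 0x01,
          "1-2:1.0": 0x0E, "1-2:1.1": 0x0E, "1-2:1.2": 0x03}

if __name__ == "__main__":
    print(suspicious_cameras(build_sample_tree(SAMPLE)))
```

A hit is a prompt to compare the device against a known-good baseline, since some composite cameras legitimately expose a HID interface for buttons or controls.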
Lenovo has collaborated with SigmaStar to address the vulnerability, releasing updated firmware installation tools with proper signature validation.
Users of affected webcams should visit Lenovo’s support website to obtain security updates that mitigate these vulnerabilities. The company has made firmware version 4.8.0 available for both affected models through its official support channels.
This discovery highlights the expanding attack surface in modern computing environments, where trusted peripherals can become sophisticated attack vectors requiring vigilant security practices and regular firmware updates.