Subj : Your webcam could be hacked and hijacked into malware attacks - r To : All From : TechnologyDaily Date : Mon Aug 11 2025 19:45:08 Your webcam could be hacked and hijacked into malware attacks - researchers warn Lenovo devices specifically at risk Date: Mon, 11 Aug 2025 18:32:00 +0000 Description: What if your webcam turns on you and starts downloading malware? FULL STORY ======================================================================Research ers claim to have found a way to turn a Lenovo webcam into a BadUSB device BadUSB is a firmware vulnerability that turns a USB stick into a malware-writing weapon Lenovo released a firmware update, so users should patch now Your device's webcam can be reprogrammed to turn on you and serve as a backdoor for a threat actor, experts have warned. Security researchers at Eclypsium claim certain Lenovo webcam models powered by Linux can be turned into so-called BadUSB devices. The bug is now tracked as CVE-2025-4371. It still doesnt have a severity score, but it has a nickname - BadCam. Reflashing firmware Roughly a decade ago, researchers found a way to reprogram a USB devices firmware to act maliciously, letting it mimic keyboards, network cards, or other devices. This allows it to run commands, install malware, or steal data, and the biggest advantage compared to traditional malware is that it can successfully bypass traditional security measures. The vulnerability was dubbed BadUSB, and was seen abused in the wild, when threat actors FIN7 started mailing weaponized USB drives to US-based organizations. At one point, the FBI even started warning people not to plug in USB devices found in office toilets, airports, or received in the postbox. Now, Eclypsium says that the same thing can be done with certain USB webcams , built by Lenovo and powered by Linux. "This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system," Eclypsium told The Hacker News . "An attacker who gains remote code execution on a system can reflash the firmware of an attached Linux-powered webcam, repurposing it to behave as a malicious HID or to emulate additional USB devices," the researchers explained. "Once weaponized, the seemingly innocuous webcam can inject keystrokes, deliver malicious payloads, or serve as a foothold for deeper persistence, all while maintaining the outward appearance and core functionality of a standard camera. Gaining remote access to a webcam requires the device to be compromised in the first place, in which case the attackers can do what they please anyway. However, users should be careful not to plug in other peoples webcams, or buy such products from shady internet shops. Lenovo 510 FHD and Lenovo Performance FHD webcams were said to be vulnerable, and a firmware update version 4.8.0 was released to mitigate the threat. You might also like FBI warns over new malware targeting webcams and DVRs Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/your-webcam-could-be-hacked-and-hijacke d-into-malware-attacks-researchers-warn-lenovo-devices-specifically-at-risk --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .