Your webcam could be hacked and hijacked into malware attacks - researchers warn Lenovo devices specifically at risk

News
By published

What if your webcam turns on you?

webcams
(Image credit: Shutterstock)
  • Researchers claim to have found a way to turn a Lenovo webcam into a BadUSB device
  • BadUSB is a firmware vulnerability that turns a USB stick into a malware-writing weapon
  • Lenovo released a firmware update, so users should patch now

Your device's webcam can be reprogrammed to turn on you and serve as a backdoor for a threat actor, experts have warned.

Security researchers at Eclypsium claim certain Lenovo webcam models powered by Linux can be turned into so-called “BadUSB” devices.

The bug is now tracked as CVE-2025-4371. It still doesn’t have a severity score, but it has a nickname - BadCam.

Reflashing firmware

Roughly a decade ago, researchers found a way to reprogram a USB device’s firmware to act maliciously, letting it mimic keyboards, network cards, or other devices. This allows it to run commands, install malware, or steal data, and the biggest advantage compared to traditional malware is that it can successfully bypass traditional security measures.

The vulnerability was dubbed “BadUSB”, and was seen abused in the wild, when threat actors FIN7 started mailing weaponized USB drives to US-based organizations. At one point, the FBI even started warning people not to plug in USB devices found in office toilets, airports, or received in the postbox.

Now, Eclypsium says that the same thing can be done with certain USB webcams, built by Lenovo and powered by Linux.

"This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system," Eclypsium told The Hacker News.

"An attacker who gains remote code execution on a system can reflash the firmware of an attached Linux-powered webcam, repurposing it to behave as a malicious HID or to emulate additional USB devices," the researchers explained.

"Once weaponized, the seemingly innocuous webcam can inject keystrokes, deliver malicious payloads, or serve as a foothold for deeper persistence, all while maintaining the outward appearance and core functionality of a standard camera.

Gaining remote access to a webcam requires the device to be compromised in the first place, in which case the attackers can do what they please anyway. However, users should be careful not to plug in other people’s webcams, or buy such products from shady internet shops.

Lenovo 510 FHD and Lenovo Performance FHD webcams were said to be vulnerable, and a firmware update version 4.8.0 was released to mitigate the threat.

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.