BadCam BadUSB Attack Turns Linux Webcams Into Threats

The newly discovered BadCam BadUSB attack exposes a dangerous flaw in certain Linux-based webcams. Security researchers warn that the vulnerability could allow attackers to reprogram webcams into malicious USB devices, enabling persistent threats that survive even after system reinstallation. This finding has raised concerns over USB device trust and firmware security.

How the BadCam Attack Works

Security firm Eclypsium identified the flaw, tracked as CVE-2025-4371, in Lenovo’s 510 FHD and Performance FHD webcams. These devices run Linux firmware but lack signature verification, allowing attackers with remote code execution to reflash the webcam’s firmware.
Once compromised, the webcam can function normally while acting as a BadUSB device, a stealthy, weaponized peripheral that can:

  • Emulate a keyboard to inject malicious commands.
  • Deliver malware payloads.
  • Reinfect the system automatically when reconnected.

Because the attack resides in the webcam firmware, it persists even after reinstalling the operating system or replacing the system’s storage drive.

Why It’s Dangerous

The BadCam BadUSB attack bypasses traditional defenses. Antivirus tools and endpoint protection rarely inspect firmware-level threats, making detection extremely challenging. Since the webcam continues to operate as intended, victims may remain unaware of the compromise.

Moreover, this technique doesn’t rely on physical USB swaps or trick devices. It weaponizes already connected peripherals, expanding the threat landscape to devices trusted inside corporate and home environments.

A Broader Risk Beyond Lenovo

While this attack currently affects the two Lenovo webcam models, Eclypsium warns that any Linux-powered USB device with unsigned firmware could be exploited in a similar way. This includes microphones, external storage devices, and other connected peripherals.

Lenovo’s Response and Mitigation

Lenovo has issued a patched firmware installer (version 4.8.0) that introduces signature validation and closes the security gap. Users should:

  1. Update webcam firmware from Lenovo’s official support page.
  2. Audit all USB devices for unsigned firmware vulnerabilities.
  3. Implement USB device access controls to limit potential attack vectors.

Security teams should also deploy firmware integrity checks and monitor for unusual USB behavior to detect possible BadUSB activity.
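
One way to monitor for the behavior described above, a webcam that also presents a keyboard, is to inventory USB interface classes on a Linux host. This is an added example, not code from Eclypsium or Lenovo; the sample inventory is constructed, and the function names and the baseline keyed by port path are assumptions of the example.

```python
import os

HID, VIDEO = 0x03, 0x0E          # USB-IF base class codes
BOOT_KEYBOARD = (HID, 1, 1)      # class, subclass (boot), protocol (keyboard)

SAMPLE = {  # constructed inventory, not captured from a real device
    "1-1": [(0x0E, 1, 0), (0x0E, 2, 0)],                # plain UVC webcam
    "1-2": [(0x0E, 1, 0), (0x0E, 2, 0), (0x03, 1, 1)],  # webcam plus keyboard
    "1-3": [(0x03, 1, 1)],                              # ordinary keyboard
}

def _hex_attr(path):
    with open(path) as f:
        return int(f.read().strip(), 16)

def read_sysfs(root="/sys/bus/usb/devices"):
    """Map each USB device path to its interface (class, subclass, protocol) triples."""
    devices = {}
    if not os.path.isdir(root):
        return devices
    for name in sorted(os.listdir(root)):
        if ":" not in name:              # interface entries look like "1-2:1.0"
            continue
        try:
            triple = tuple(_hex_attr(os.path.join(root, name, a)) for a in
                           ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol"))
        except (OSError, ValueError):
            continue                     # device unplugged mid-scan or odd entry
        devices.setdefault(name.split(":")[0], []).append(triple)
    return devices

def review(devices, baseline=None):
    """Return (device, reason) pairs that deserve a manual look."""
    findings = []
    for dev, ifaces in sorted(devices.items()):
        classes = {c for c, _, _ in ifaces}
        if VIDEO in classes and HID in classes:
            kind = "boot keyboard" if BOOT_KEYBOARD in ifaces else "generic HID"
            findings.append((dev, f"video device also exposes a {kind} interface"))
        # Baseline is keyed by port path here (an assumption of this example).
        if baseline and dev in baseline and sorted(baseline[dev]) != sorted(ifaces):
            findings.append((dev, "interface set differs from baseline"))
    return findings

if __name__ == "__main__":
    for dev, reason in review(read_sysfs() or SAMPLE):
        print(f"{dev}: {reason}")
```

A hit is a prompt for review rather than proof of compromise, since a composite device can expose an HID interface legitimately; the baseline comparison is what catches a peripheral whose interfaces change after a reflash.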

Final Thoughts

The BadCam BadUSB attack highlights a growing security risk: trusted USB peripherals becoming hidden entry points for cyberattacks. By exploiting unsigned firmware in Linux-based devices, attackers can achieve persistence and stealth unmatched by traditional malware. Immediate firmware updates and stricter USB security policies are essential to reduce exposure.

Janet Andersen

Janet is an experienced content creator with a strong focus on cybersecurity and online privacy. With extensive experience in the field, she’s passionate about crafting in-depth reviews and guides that help readers make informed decisions about digital security tools. When she’s not managing the site, she loves staying on top of the latest trends in the digital world.