Researchers uncovered vulnerabilities in Lenovo webcams that can be exploited by remote attackers to execute keystrokes and commands without relying on the host operating system. Known as BadCam, these vulnerabilities enable a device to be used in a BadUSB attack, where an attacker can gain control over a Linux-based USB peripheral and utilize it for malicious activities. This includes sending compromised webcams to victims or gaining physical access to attached devices, facilitating post-exploitation actions and sensitive data exfiltration.
Vulnerabilities in select Lenovo webcams allow remote attackers to covertly inject keystrokes and launch attacks independent of the host operating system.
This marks the first demonstration of weaponizing control over a Linux-based USB peripheral for malicious intent by threat actors.
A potential attack can involve sending a backdoored webcam to a victim or attaching it to a computer to compromise the system.
BadUSB exploits vulnerabilities in USB firmware to discreetly execute commands without detection by traditional antivirus tools.
Collection
[
|
...
]