Cybersecurity researchers have discovered critical vulnerabilities in certain Lenovo webcam models that could transform them into BadUSB attack devices. The flaws, found in Lenovo 510 FHD and Lenovo Performance FHD webcams, allow attackers to covertly inject keystrokes and execute malicious commands — all without the user’s knowledge.

The vulnerabilities, codenamed BadCam by firmware security firm Eclypsium, were disclosed at the DEF CON 33 security conference. According to the researchers, this is the first demonstrated case where a Linux-based USB peripheral already connected to a computer can be remotely hijacked for malicious purposes.

What is BadUSB?

BadUSB is a well-known attack technique first revealed in 2014 at the Black Hat conference. It targets USB firmware rather than traditional files, making it extremely difficult to detect. A compromised USB device can:

• Emulate a keyboard to type malicious commands

• Install backdoors or keyloggers

• Redirect internet traffic

• Steal sensitive data

Because it resides in the firmware layer, BadUSB is not easily removed — even after wiping a computer or reinstalling the operating system.

How the Lenovo Webcam Exploit Works

Eclypsium’s findings show that attackers who gain remote access to a system can reflash the firmware of attached Linux-powered webcams. This allows the camera to:

• Inject keystrokes into the system

• Deliver malicious payloads

• Act as a persistent foothold for further attacks

Shockingly, the webcam retains its normal appearance and functionality, making detection nearly impossible for the average user.

Since the affected webcams do not validate firmware, they are highly vulnerable to complete compromise. This means the infected webcam could even spread the attack to other computers it’s connected to in the future.

Lenovo’s Response

The vulnerabilities were responsibly disclosed to Lenovo in April 2025. Lenovo has since released firmware update version 4.8.0 to address the issues and worked with SigmaStar to provide a fix tool. Users of the affected models are urged to update their webcam firmware immediately.

Why This Matters

This incident highlights a growing security challenge: modern peripherals like webcams can run their own operating systems and accept remote commands. Without proper firmware security, these devices can become stealthy attack platforms — trusted by the host computer but fully under an attacker’s control.

Protecting Yourself

If you use a Lenovo 510 FHD or Lenovo Performance FHD webcam:

1. Update your firmware to version 4.8.0 from Lenovo’s official site.

2. Limit USB peripheral exposure on sensitive systems.

3. Use endpoint security tools that monitor device behavior, not just files.

The Lenovo BadCam vulnerabilities are a stark reminder that cybersecurity threats can hide in the most unexpected places — even in your webcam. By keeping firmware updated and applying strict USB device controls, you can reduce the risk of these stealthy, persistent attacks.