Vulnerability Management, IoT, Threat Intelligence

BadUSB attacks possible with Lenovo webcam vulnerabilities


Lenovo's Linux-based 510 FHD and Performance FHD webcams have been impacted by multiple security flaws dubbed "BadCam," which could be harnessed to facilitate keystroke injections and operating system-independent intrusions, Security Affairs reports.

Attackers could leverage the vulnerable Lenovo webcams, which use SigmaStar ARM-based SoCs running Linux with USB Gadget support, to remotely reflash firmware and impersonate other peripherals, enabling remote code execution and persistence, according to an Eclypsium report presented at the DEF CON 33 security conference. Lenovo and SigmaStar have already worked to resolve the issue with an updated installation tool that includes signature validation, after being asked to update impacted SoCs with firmware verification. "To our knowledge, this is the first time it has been demonstrated that attackers can weaponize a USB device that is already attached to a computer that was not initially intended to be malicious," said Eclypsium researchers, who urged organizations to reevaluate hardware and endpoint trust models.
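One way an endpoint team could watch for an already-attached camera taking on a keyboard role is to compare USB interface descriptors against a known-good baseline. The sketch below is an added example, not code from Eclypsium, Lenovo or SigmaStar; the port names, the placeholder vendor/product IDs and the sample snapshots are constructed, and the "video device gains HID" rule is an assumed heuristic.

```python
import os

HID, VIDEO = 0x03, 0x0E  # USB-IF base class codes

def read_sysfs(root="/sys/bus/usb/devices"):
    """Linux only: map port -> (vid:pid, {(class, subclass, protocol)})."""
    def attr(entry, name):
        with open(os.path.join(root, entry, name)) as f:
            return f.read().strip()
    snap = {}
    for entry in os.listdir(root):
        if ":" not in entry:  # interface entries look like '1-2:1.0'
            continue
        port = entry.split(":")[0]
        try:
            ident = attr(port, "idVendor") + ":" + attr(port, "idProduct")
            triple = tuple(int(attr(entry, n), 16) for n in (
                "bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol"))
        except OSError:  # root-hub interface, or device unplugged mid-scan
            continue
        snap.setdefault(port, (ident, set()))[1].add(triple)
    return snap

def audit(baseline, current):
    """Return (port, reason) findings for devices whose role changed."""
    findings = []
    for port, (ident, ifaces) in sorted(current.items()):
        if port not in baseline:
            continue  # newly attached device: covered by device-control policy
        old_ident, old_ifaces = baseline[port]
        if ident != old_ident:
            findings.append((port, f"identity changed {old_ident} -> {ident}"))
        gained = {c for c, _, _ in ifaces - old_ifaces}
        had_video = any(c == VIDEO for c, _, _ in old_ifaces)
        if HID in gained and had_video:
            findings.append((port, "camera now exposes a HID interface"))
    return findings

# Constructed sample snapshots (placeholder IDs, not from a real device).
BASELINE = {"1-2": ("aaaa:0001", {(0x0E, 0x01, 0x00), (0x0E, 0x02, 0x00)}),
            "1-3": ("bbbb:0002", {(0x03, 0x01, 0x01)})}
CURRENT = {"1-2": ("aaaa:0001", {(0x0E, 0x01, 0x00), (0x0E, 0x02, 0x00),
                                 (0x03, 0x01, 0x01)}),
           "1-3": ("bbbb:0002", {(0x03, 0x01, 0x01)})}

if __name__ == "__main__":
    for port, reason in audit(BASELINE, CURRENT):
        print(port, reason)
```

The baseline must come from a state the organization already trusts (for example, `read_sysfs()` run after a verified firmware update); a device that was modified before the baseline was taken will not be flagged.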

Related

Robust DDoS botnet likely with chained Windows flaws

Tens of thousands of public domain controllers could be looped into a robust distributed denial-of-service botnet through the new Win-DDoS attack technique, which leverages multiple already-fixed security vulnerabilities in Windows Lightweight Directory Access Protocol, Windows Local Security Authority Subsystem Service, Windows Netlogon, and Windows Print Spooler, according to The Hacker News.
