A critical vulnerability has been uncovered that turns certain Linux-powered webcams into weaponized BadUSB attack tools, enabling remote attackers to inject malicious keystrokes and compromise target systems without detection.
The research, presented at DEF CON 2025, demonstrates the first known case where attackers can remotely weaponize USB devices already connected to computers, marking a significant evolution in cyber attack methodologies.
Key Takeaways
1. Hackers remotely weaponize Lenovo webcams into keystroke-injecting BadUSB tools.
2. Attack survives system wipes by exploiting firmware validation flaws.
3. Lenovo issued fixes, but other Linux USB devices remain vulnerable.
Weaponizing Linux Webcams
Eclypsium reports that the security flaw affects Lenovo 510 FHD and Performance FHD webcams manufactured by SigmaStar, which use the ARM-powered SSC9351D System-on-Chip (SoC), featuring a dual-core ARM Cortex-A7 CPU architecture with embedded DDR3 memory.
These devices run a complete Linux operating system, specifically “Linux (none) 4.9.84 #445 SMP PREEMPT Tue Mar 22 17:08:22 CST 2022 armv7l GNU/Linux,” making them vulnerable to firmware manipulation attacks.
The critical vulnerability stems from the absence of firmware signature validation during the update process. Attackers can exploit this weakness by sending specific commands over USB to completely compromise the camera’s 8MB SPI flash memory.
Attack Chain
The attack sequence involves executing commands such as sf probe 0, sf erase 0x50000 0x7B0000, and tftp 0x21000000 lenovo_hd510_ota_v4.6.2.bin, followed by sf write 0x21000000 0x50000 0x7B0000 to overwrite the firmware entirely.
The attack leverages Linux USB gadget functionality, a kernel feature that allows Linux-based devices to masquerade as various USB peripherals, including keyboards, mass storage devices, or network adapters.
This capability transforms the webcam into a Human Interface Device (HID) capable of injecting keystrokes, executing malicious commands, and maintaining persistent access to compromised systems.
Unlike traditional BadUSB attacks that require physical device replacement, this technique allows remote attackers who have gained initial system access to reflash webcam firmware and install a persistent backdoor.
The weaponized webcam can subsequently re-infect the host computer even after a complete system reinstallation, providing unprecedented persistence capabilities.
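The HID masquerade described above leaves a visible trace on the host: a device known as a camera starts enumerating a keyboard interface. The following detection sketch is an added example, not code from Eclypsium or Lenovo; the inventory line format, the function names, and the ffff:xxxx IDs are constructed for illustration.

```python
USB_CLASS_HID = 0x03        # USB-IF class code: Human Interface Device
USB_CLASS_VIDEO = 0x0E      # USB-IF class code: Video (UVC webcams)
HID_PROTO_KEYBOARD = 0x01   # bInterfaceProtocol value for a keyboard

def load_inventory(text):
    """Parse 'port vid:pid class subclass protocol' lines (hex fields) into
    {(port, vidpid): set of (class, subclass, protocol)}."""
    inventory = {}
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        port, vidpid, cls, sub, proto = line.split()
        triple = (int(cls, 16), int(sub, 16), int(proto, 16))
        inventory.setdefault((port, vidpid.lower()), set()).add(triple)
    return inventory

def is_keyboard(iface):
    return iface[0] == USB_CLASS_HID and iface[2] == HID_PROTO_KEYBOARD

def find_camera_keyboards(baseline, current):
    """Return sorted findings for devices that expose a video interface plus
    a keyboard interface that was absent from the baseline inventory."""
    findings = []
    for key, ifaces in current.items():
        known = baseline.get(key, set())
        has_video = any(i[0] == USB_CLASS_VIDEO for i in ifaces | known)
        new_keyboard = any(is_keyboard(i) for i in ifaces - known)
        if has_video and new_keyboard:
            findings.append((key[0], key[1],
                             "video device gained HID keyboard interface"))
    return sorted(findings)

# Constructed sample inventories (not captured from real hardware).
BASELINE = """
1-2 ffff:0001 0e 01 00   # webcam: VideoControl
1-2 ffff:0001 0e 02 00   # webcam: VideoStreaming
1-3 ffff:0002 03 01 01   # the user's real keyboard
"""
CURRENT = BASELINE + """
1-2 ffff:0001 03 01 01   # same webcam now also enumerates as a keyboard
"""

if __name__ == "__main__":
    for port, vidpid, reason in find_camera_keyboards(
            load_inventory(BASELINE), load_inventory(CURRENT)):
        print(f"ALERT {port} {vidpid}: {reason}")
```

On a Linux host the three hex fields correspond to the bInterfaceClass, bInterfaceSubClass and bInterfaceProtocol attributes under /sys/bus/usb/devices. A reflashed device that re-enumerates under a different vendor/product ID as a keyboard only would not match this check, so it complements rather than replaces an allowlist of expected input devices.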
Mitigations
Lenovo has responded by developing an updated firmware installation tool that addresses the signature validation flaw, releasing version 4.8.0 firmware updates for both affected webcam models.
The company assigned CVE-2025-4371 to track this vulnerability and worked with SigmaStar to implement proper security measures.
The research reveals a broader threat landscape, as numerous USB peripherals beyond webcams may contain similar Linux-based architectures vulnerable to weaponization.
Security experts warn that any USB-attached device running Linux without firmware validation could potentially be exploited using similar attack vectors, fundamentally challenging traditional endpoint security models and necessitating enhanced hardware trust verification mechanisms.