Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks
Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks — Aug 09, 2025Ravie LakshmananVulnerability / Hardware Security Linux-Based Le
What’s new: Cybersecurity researchers have identified vulnerabilities in Lenovo’s Linux-based webcams, specifically the Lenovo 510 FHD and Lenovo Performance FHD models, which can be exploited to conduct BadUSB attacks. This allows remote attackers to inject keystrokes and execute commands without the need for physical access to the device. The vulnerabilities stem from inadequate firmware validation, enabling attackers to reprogram the webcam’s firmware remotely. Lenovo has released firmware updates (version 4.8.0) to address these issues.
Who’s affected
Users of Lenovo 510 FHD and Lenovo Performance FHD webcams are at risk of these vulnerabilities, which can compromise the security of connected systems.
What to do
- Update the firmware of affected Lenovo webcams to version 4.8.0 or later to mitigate the vulnerabilities.
- Monitor for any unusual behavior from connected peripherals and implement strict access controls.
- Educate users about the risks associated with USB devices and the importance of securing peripherals.
