BadCam Attack: A New Cyber Threat Emerging from Webcams


Webcams, long suspected of spying on users, have now found a new role in the world of cyberattacks.
At Black Hat 2025 in Las Vegas, researchers unveiled a new exploit called BadCam, a technique that allows attackers to reprogram (reflash) a webcam’s firmware and use it to execute malicious operations on a computer, even remotely.

 

From BadUSB to BadCam: The Evolution of an Old Threat

The BadCam attack is an advanced version of the well-known BadUSB technique.
In a BadUSB scenario, attackers modify the firmware of a seemingly harmless device — such as a USB flash drive — turning it into a hidden attack tool.
However, with BadCam, there’s no need for a pre-infected device; a normal, connected webcam can itself become the entry point for system compromise.

Researchers from Eclypsium successfully demonstrated this attack on two webcam models: Lenovo 510 FHD and Lenovo Performance FHD.
The vulnerability stems from the use of a Linux-based OS inside the webcams and the lack of cryptographic protection during firmware updates.
As a result, attackers can modify the webcam’s firmware with a few simple USB commands, transforming it into a “camera + fake keyboard” hybrid capable of executing malicious actions.

 

BadCam’s Capabilities and Risks

Once infected, a compromised webcam can simulate keyboard input and carry out operations such as:

  • Disabling antivirus and security tools

  • Downloading and executing additional malware

  • Launching Living off the Land (LotL) attacks using legitimate system tools

  • Responding to system prompts to escalate privileges

  • Extracting or exfiltrating data over the network

What makes BadCam especially dangerous is that reinstalling the operating system or antivirus software cannot remove it, since the source of infection resides in the webcam’s own firmware.

 

Potential Attack Vectors in Organizations

Possible ways for BadCam attacks to occur within enterprise environments include:

  1. Sending a pre-compromised webcam, or replacing a legitimate webcam with one

  2. Temporarily disconnecting an existing webcam and infecting it using an attacker’s laptop

  3. Executing a remote firmware reflash without physically removing the device

 

Defensive Strategies Against BadCam

Cybersecurity experts recommend the following defensive measures to mitigate the threat of BadCam:

  • Use EDR/EPP solutions to monitor HID devices (keyboards, mice, webcams).
    For example, Kaspersky Next features BadUSB Protection, prompting users to verify new devices before activation.

  • Analyze USB telemetry through SIEM or XDR systems.

  • Manage USB ports via MDM/EMM platforms and create whitelists for authorized devices.

  • Regularly update firmware for webcams and other peripheral devices, and apply security patches from vendors such as Lenovo.

  • Implement the Principle of Least Privilege (PoLP) for all users.

  • Provide security awareness training about BadUSB and BadCam threats to help staff identify suspicious USB device behavior.
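
The “camera + fake keyboard” behaviour and the USB telemetry and whitelist measures above point to one concrete check, shown here as an added Python example that is not from the original article or from Eclypsium: parse a device's raw USB descriptors and flag a video-class device that also exposes a HID interface, or any interface missing from its allowlisted baseline. The VID:PID `ffff:0001`, the baseline and the descriptor bytes are constructed for illustration.

```python
# Added example (not from the original article). IDs and descriptors are constructed.
USB_CLASS_HID, USB_CLASS_VIDEO = 0x03, 0x0E  # USB-IF class codes
DT_CONFIG, DT_INTERFACE = 0x02, 0x04         # standard descriptor types

def interfaces(desc: bytes) -> set:
    """Walk raw USB descriptors; return (class, subclass, protocol) per interface."""
    found, i = set(), 0
    while i < len(desc):
        length = desc[i]
        if length < 2 or i + length > len(desc):
            raise ValueError(f"malformed descriptor at offset {i}")
        if desc[i + 1] == DT_INTERFACE and length >= 9:
            found.add(tuple(desc[i + 5:i + 8]))
        i += length
    return found

def assess(vid_pid: str, desc: bytes, baseline: dict) -> list:
    """Compare one enumerated device against the allowlist baseline."""
    seen = interfaces(desc)
    classes = {cls for cls, _, _ in seen}
    findings = []
    if USB_CLASS_VIDEO in classes and USB_CLASS_HID in classes:
        findings.append("video device also exposes a HID interface")
    if vid_pid not in baseline:
        findings.append("device not on allowlist")
    elif seen - baseline[vid_pid]:
        extra = sorted(seen - baseline[vid_pid])
        findings.append("interfaces not in baseline: "
                        + ", ".join("%02x/%02x/%02x" % t for t in extra))
    return findings

def build_config(*triples) -> bytes:
    """Build a constructed configuration descriptor for the sample data."""
    body = b"".join(bytes([9, DT_INTERFACE, n, 0, 0, *t, 0])
                    for n, t in enumerate(triples))
    head = bytes([9, DT_CONFIG]) + (9 + len(body)).to_bytes(2, "little")
    return head + bytes([len(triples), 1, 0, 0x80, 50]) + body

# Constructed samples: a UVC camera before and after gaining a boot keyboard.
UVC = [(0x0E, 0x01, 0x00), (0x0E, 0x02, 0x00)]  # video control + streaming
CAM_ID = "ffff:0001"                            # placeholder VID:PID
BASELINE = {CAM_ID: set(UVC)}
CLEAN = build_config(*UVC)
REFLASHED = build_config(*UVC, (USB_CLASS_HID, 0x01, 0x01))

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("reflashed", REFLASHED)):
        print(name, assess(CAM_ID, blob, BASELINE))
```

On Linux, the raw descriptors of an attached device can be read from `/sys/bus/usb/devices/<device>/descriptors`. Keep a baseline per camera model, since many webcams legitimately add an audio interface for the microphone.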

With the emergence of BadCam, webcams have officially joined the list of potential hacker tools.
Organizations should strengthen their multi-layered security strategies and pay closer attention to peripheral devices that might seem harmless — because even a simple USB camera could become a silent threat.

 

Source: MedadPress
www.medadpress.ir