Linux Webcams Weaponized to Inject Keystrokes and Execute Attacks

Security researchers have uncovered a concerning vulnerability that transforms everyday USB webcams into covert attack tools capable of injecting malicious keystrokes and executing unauthorized commands on connected computers.

This groundbreaking discovery represents the first documented case of weaponizing USB devices already attached to systems that were not originally designed for malicious purposes.

Researchers Jesse Michael and Mickey Shkatov from Eclypsium presented their findings at DEF CON 2025, demonstrating how specific Lenovo webcam models running Linux can be remotely compromised and converted into BadUSB attack devices.

The vulnerability affects Lenovo 510 FHD and Lenovo Performance FHD webcams manufactured by SigmaStar, which utilize ARM-powered System-on-Chip processors running full Linux operating systems.

The BadUSB Threat Landscape

BadUSB attacks exploit fundamental trust relationships between computers and USB peripherals by reprogramming device firmware to masquerade as human interface devices (HIDs).

First demonstrated at Black Hat 2014, these attacks have evolved significantly, with hardware platforms like ...