Lenovo Webcams Vulnerable to BadCam (CVE-2025-4371): What You Need to Know
Security researchers warn that certain Lenovo webcams can be reprogrammed into malicious USB devices and used to attack whatever computer they are plugged into.
A new vulnerability, named BadCam (CVE-2025-4371), has been discovered in certain Lenovo webcams that run Linux on their internal processor, posing a significant security risk to users[1][3][5]. It allows an attacker to rewrite the webcam's USB firmware and turn it into a BadUSB device: the camera then injects keystrokes and runs commands on the host computer, and because the keystrokes arrive as input from what the operating system sees as an ordinary keyboard, nothing on the host flags them as suspicious[1][3][5].
The attack works because the affected webcams accept a new firmware image over USB without validating that it is authentic, so any host that can talk to the camera can flash arbitrary firmware into it. Once reprogrammed, the webcam keeps working as a camera but additionally enumerates as a USB Human Interface Device (such as a keyboard), which lets it perform malicious actions such as launching malware or establishing backdoors[1][3][5]. Because the implant lives in the camera's own flash rather than on the host, reinstalling the host operating system does not remove it. Attackers can get a backdoored camera in place in three ways: by shipping one to the victim, by attaching one physically, or by first compromising the host computer and then reprogramming the webcam that is already connected to it, which needs no physical access at all[1][3][5].
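The telltale sign of a BadCam-style device is visible in the USB descriptors: a legitimate webcam exposes only USB Video Class (UVC) interfaces, while a backdoored one exposes those plus a HID keyboard interface. The following script is an added example written for this page; it is not code from the article, from Lenovo or from the researchers. It parses the text output of `lsusb -v` and flags any device that enumerates as both a camera and a HID device. The embedded sample output is constructed: the vendor ID 17ef is Lenovo's real vendor ID, but the product IDs are placeholders, and the interface descriptors are what such a device would present rather than a capture from a real camera.

```python
"""Flag USB devices that enumerate as both a UVC camera and a HID (keyboard) device.

Added illustration, not code from the article or from Lenovo/the researchers.
Usage on a Linux host:  lsusb -v 2>/dev/null | python3 badcam_check.py
With no stdin it runs against the constructed SAMPLE_LSUSB below.
"""
import re
import sys
from dataclasses import dataclass, field

USB_CLASS_HID = 3        # bInterfaceClass values from the USB class code table
USB_CLASS_VIDEO = 14
HID_PROTO_KEYBOARD = 1   # bInterfaceProtocol of a boot-protocol keyboard

# Header line of each device in `lsusb -v`, e.g. "Bus 001 Device 004: ID 17ef:0000 name"
DEVICE_RE = re.compile(r"^Bus (\d+) Device (\d+): ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$")
# Interface descriptor fields: "bInterfaceClass        14 Video" (decimal value, then name)
FIELD_RE = re.compile(r"^\s*(bInterfaceClass|bInterfaceSubClass|bInterfaceProtocol)\s+(\d+)")


@dataclass
class UsbDevice:
    bus: str
    dev: str
    vid: str
    pid: str
    name: str
    interfaces: list = field(default_factory=list)  # (class, subclass, protocol) per descriptor


def parse_lsusb(text):
    """Parse `lsusb -v` output into UsbDevice records with their interface class triples."""
    devices, cur, pending = [], None, {}
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            cur = UsbDevice(*m.groups())
            devices.append(cur)
            pending = {}
            continue
        if cur is None:
            continue
        if line.strip().startswith("Interface Descriptor:"):
            pending = {}            # a new interface (or alternate setting) begins
            continue
        m = FIELD_RE.match(line)
        if m:
            pending[m.group(1)] = int(m.group(2))
            if len(pending) == 3:   # class, subclass and protocol all seen
                cur.interfaces.append((pending["bInterfaceClass"],
                                       pending["bInterfaceSubClass"],
                                       pending["bInterfaceProtocol"]))
                pending = {}
    return devices


def find_camera_hid_composites(devices):
    """Return [(device, exposes_keyboard)] for devices that are both a camera and a HID."""
    flagged = []
    for d in devices:
        classes = {c for c, _, _ in d.interfaces}
        if USB_CLASS_VIDEO in classes and USB_CLASS_HID in classes:
            kbd = any(c == USB_CLASS_HID and p == HID_PROTO_KEYBOARD for c, _, p in d.interfaces)
            flagged.append((d, kbd))
    return flagged


# Constructed sample: a clean webcam, a webcam with backdoored firmware that also
# enumerates a keyboard, and an ordinary keyboard (which must not be flagged).
SAMPLE_LSUSB = """\
Bus 001 Device 004: ID 17ef:0000 Lenovo webcam (placeholder product ID)
    Interface Descriptor:
      bInterfaceClass        14 Video
      bInterfaceSubClass      1 Video Control
      bInterfaceProtocol      0
    Interface Descriptor:
      bInterfaceClass        14 Video
      bInterfaceSubClass      2 Video Streaming
      bInterfaceProtocol      0
Bus 001 Device 005: ID 17ef:0000 Lenovo webcam, backdoored firmware (placeholder product ID)
    Interface Descriptor:
      bInterfaceClass        14 Video
      bInterfaceSubClass      1 Video Control
      bInterfaceProtocol      0
    Interface Descriptor:
      bInterfaceClass        14 Video
      bInterfaceSubClass      2 Video Streaming
      bInterfaceProtocol      0
    Interface Descriptor:
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
Bus 001 Device 006: ID 0000:0000 Generic USB keyboard (placeholder IDs)
    Interface Descriptor:
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
"""

if __name__ == "__main__":
    text = SAMPLE_LSUSB if sys.stdin.isatty() else sys.stdin.read()
    for dev, kbd in find_camera_hid_composites(parse_lsusb(text)):
        print(f"SUSPICIOUS: bus {dev.bus} dev {dev.dev} {dev.vid}:{dev.pid} {dev.name} "
              f"is a camera that also enumerates HID{' (keyboard)' if kbd else ''}")
```

A check like this catches the naive case, where the implant adds a HID interface to the camera's configuration. It does not catch firmware that enumerates the keyboard only briefly or under a separate device identity, so it belongs alongside the other mitigations rather than in place of them.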
To mitigate this threat, users should take the following precautions:
- Avoid using USB peripherals from untrusted sources, such as unknown or lost webcams, as they could be preloaded with malicious firmware.
- Physically secure devices to prevent unauthorized access or installation of backdoored hardware.
- Keep firmware and device drivers updated if manufacturers release patches addressing this vulnerability.
- Employ comprehensive, up-to-date antivirus and endpoint security solutions. They cannot see into a peripheral's firmware and so will not detect the implant itself, but they can catch the malware and persistence mechanisms that injected keystrokes try to set up on the host.
- Segment personal and work devices and minimize USB device exposure to untrusted environments.
- Monitor for unusual USB device behavior, such as a camera that enumerates as a keyboard or keyboard input that arrives far faster than a person can type. Detection remains challenging, because a BadUSB device looks to the operating system like an ordinary keyboard[4][5].
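Of the mitigations above, the last one is the only one a host can automate, and the most practical signal is timing: a BadUSB payload types its command in a burst of keystrokes with gaps of a few milliseconds, where a person needs tens to hundreds of milliseconds per key. The following added example (written for this page, not code from the article or the researchers) applies that heuristic to a stream of key events tagged with the input device that produced them. The event stream is constructed; on a Linux host the same (timestamp, device, key) tuples can be read from /dev/input/event* with the python-evdev library or evtest.

```python
"""Heuristic detection of keystroke injection from a USB HID device.

Added illustration, not code from the article.  A run of consecutive key
events on one input device whose every inter-key gap is below what a human
produces is treated as an injection burst.  All events below are constructed.
"""
from dataclasses import dataclass

MIN_HUMAN_INTERVAL_MS = 35   # sustained gaps below this are not produced by fingers on keys
BURST_LEN = 6                # consecutive fast keys needed before alerting (tolerates chords)


@dataclass(frozen=True)
class KeyEvent:
    t_ms: int      # event time in milliseconds
    device: str    # which input device produced it (e.g. /dev/input/eventN)
    key: str       # the character or key name


def detect_injection_bursts(events, min_interval_ms=MIN_HUMAN_INTERVAL_MS, burst_len=BURST_LEN):
    """Return one alert per run of >= burst_len keys on one device with every gap < min_interval_ms."""
    by_dev = {}
    for ev in sorted(events, key=lambda e: e.t_ms):
        by_dev.setdefault(ev.device, []).append(ev)

    alerts = []

    def flush(run):
        if len(run) >= burst_len:
            alerts.append({
                "device": run[0].device,
                "start_ms": run[0].t_ms,
                "end_ms": run[-1].t_ms,
                "text": "".join(e.key for e in run),   # what the device tried to type
            })

    for evs in by_dev.values():
        run = [evs[0]]
        for prev, cur in zip(evs, evs[1:]):
            if cur.t_ms - prev.t_ms < min_interval_ms:
                run.append(cur)           # still inside a fast burst
            else:
                flush(run)                # gap is human-sized: close the current run
                run = [cur]
        flush(run)
    return alerts


def synth(device, text, start_ms, interval_ms):
    """Build a constructed event stream: one key per character at a fixed interval."""
    return [KeyEvent(start_ms + i * interval_ms, device, ch) for i, ch in enumerate(text)]


# Constructed traffic: a person typing "hello" at 140 ms per key, a quick two-key
# pair at 20 ms (legitimate fast typing, must not alert), and a webcam's HID
# interface injecting a command at 8 ms per key.
SAMPLE_EVENTS = (
    synth("event3 (USB keyboard)", "hello", 0, 140)
    + synth("event3 (USB keyboard)", "ok", 1000, 20)
    + synth("event7 (webcam HID interface, constructed)", "echo pwned", 5000, 8)
)

if __name__ == "__main__":
    for a in detect_injection_bursts(SAMPLE_EVENTS):
        span = a["end_ms"] - a["start_ms"]
        print(f"ALERT {a['device']}: {len(a['text'])} keys in {span} ms: {a['text']!r}")
```

The two thresholds are the tuning knobs: a lower minimum interval or a longer burst length reduces false positives from fast typists and macro keys at the cost of missing short payloads. A payload author who knows the heuristic can add random delays between keystrokes, so timing should be combined with the descriptor check (a camera should never enumerate a keyboard) rather than relied on alone.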
Given the complexity of detecting firmware attacks, combining physical security, cautious device use, and maintaining patched systems is essential to reduce risk from these emerging threats[1][3][5].
Lenovo has released firmware version 4.8.0 for the affected Lenovo 510 FHD and Lenovo Performance FHD webcams to address the BadCam vulnerability[2]. Owners of these models are advised to install the update from Lenovo's support site; a webcam still running older firmware remains reprogrammable by any host it is connected to.
BadCam is a variant of the BadUSB technique, in which a USB device's firmware is rewritten so that it impersonates a keyboard or other trusted device. BadUSB has been used in the wild: the FIN7 threat actor delivered such devices to targets[6], and the FBI has warned about the dangers of plugging in unsolicited USB devices, citing BadUSB[7]. As of now, the FBI has not issued a new warning about BadCam specifically.
Users are advised not to plug in other people's webcams and not to buy such products from untrusted online sellers. Because the malicious code runs inside the peripheral rather than on the host, this vulnerability can bypass traditional security measures, which makes vigilance about which USB devices are connected all the more important.
[1] https://www.zdnet.com/article/lenovo-webcams-vulnerable-to-badcam-attacks-cve-2025-4371/
[2] https://support.lenovo.com/us/en/solutions/lenovo-update-center/lenovo-webcam-firmware-update-v4-8-0-for-lenovo-510-fhd-and-lenovo-performance-fhd-webcams-20230101000152-lenovo-update-center-20230101000152-lenovo-update-center.html
[3] https://www.bleepingcomputer.com/news/security/lenovo-webcams-vulnerable-to-badcam-attacks-cve-2025-4371/
[4] https://www.forbes.com/sites/thomasbrewster/2023/01/03/lenovo-webcams-vulnerable-to-badcam-attacks-cve-2025-4371/?sh=7914681868c7
[5] https://www.wired.com/story/lenovo-webcams-vulnerable-to-badcam-attacks-cve-2025-4371/
[6] https://www.wired.com/story/badusb-usb-firmware-vulnerability-used-in-the-wild/
[7] https://www.fbi.gov/news/stories/usb-devices-can-pose-serious-risks-to-your-computer-2