CyberWire Daily

Smile for the malware. [Research Saturday]

Oct 18, 2025
Jesse Michael and Mickey Shkatov from Eclypsium delve into their groundbreaking research on "BadCam," revealing vulnerabilities in Lenovo webcams that could allow attackers to hijack these devices. They discuss the frightening potential of weaponizing Linux webcams, transforming them into malicious tools that can inject keystrokes and maintain persistent access. The duo highlights the insecure update practices that enable these threats, stressing the urgent need for stronger firmware validation across all Linux-based peripherals.
ANECDOTE

Discovery Started With A Firmware Check

  • Mickey found the issue after trying to update a Lenovo webcam's firmware and discovering it ran Linux.
  • That accidental check led to uncovering the insecure update process and the BadCam research.
INSIGHT

Problem Is Lack Of Firmware Validation

  • The core problem is missing firmware validation, not merely firmware bugs.
  • Running Linux on a device is fine, but allowing unsigned or unverified images is dangerous.
INSIGHT

Supply Chain Opacity In Camera Builds

  • These Lenovo webcams use SigmaStar SoC kits that OEMs rebrand and ship.
  • OEMs often depend on suppliers for firmware and may lack visibility into component internals.