CyberWire Daily

Smile for the malware. [Research Saturday]

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.61K Ratings

🗓️ 18 October 2025

⏱️ 29 minutes

Summary

Eclypsium researchers Jesse Michael and Mickey Shkatov join us to share their work on "BadCam - Now Weaponizing Linux Webcams." Eclypsium researchers disclosed “BadCam,” a set of vulnerabilities in certain Lenovo USB webcams that run Linux and do not validate firmware signatures, allowing attackers to reflash the devices and turn them into BadUSB-style tools. An adversary who supplies a backdoored camera or who gains remote code execution on a host can weaponize the webcam to emulate human-interface devices, inject keystrokes, deliver payloads, and maintain persistence — even re-infecting systems after OS reinstalls. The findings were presented at DEF CON 2025, Lenovo issued updated firmware/tools in coordination with SigmaStar, and researchers warn the same vector could affect other Linux-based USB peripherals, underscoring the need for firmware signing and stronger device attestation. The research can be found here: BadCam: Now Weaponizing Linux Webcams

Transcript

0:00.0

You're listening to the CyberWire Network, powered by N2K.

1:18.9

Hello, everyone, and welcome to the CyberWire's Research Saturday.

1:23.2

I'm Dave Bittner, and this is our weekly conversation with researchers and analysts

1:27.9

tracking down the threats and vulnerabilities,

1:30.6

solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.

1:36.4

Thanks for joining us.

1:42.8

Well, it was partially an accidental encounter with one of the cameras I had been using for a while.

1:52.9

It had been causing me some problems over several meetings, and I thought maybe it requires a firmware update.

...

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
