You're on a video call when suddenly your laptop starts acting possessed, typing by itself, running scripts or launching applications. Sounds like a horror movie? Unfortunately, this is now possible due to a critical flaw in Linux-based Lenovo webcams that hackers can exploit remotely!
What's Going On?
Security researchers from Eclypsium have discovered a sneaky trick dubbed "SmileCam Spoof" where your Lenovo Linux-powered webcam gets hijacked and turned into a stealthy attack tool.
Once hijacked, the webcam’s firmware gets rewritten, turning it into a BadUSB device (the flaw is tracked as CVE-2025-4371). This means it can mimic a keyboard to inject hidden commands, install malware, or even sneak back in after a fresh reinstall. You’d never know.
Affected models include the Lenovo 510 FHD and Lenovo Performance FHD Webcam.
Why This Matters
- Your webcam just became more than a camera: It can act like a keyboard or take over your device without warning. If attackers gain access, they can record video, capture images, or manipulate your device in harmful ways.
- Attacks stick around: A wiped system might be irrelevant. This rogue firmware can reinfect you anytime.
- No Physical Access Needed – Can be exploited remotely over the internet.
- Total System Takeover Risk – Attackers could install spyware, ransomware, or steal sensitive data.
How the Attack Works
· Hackers find vulnerable Lenovo laptops connected to the internet.
· They exploit the webcam's firmware to make it act like a malicious USB keyboard.
· Your computer blindly trusts this "keyboard" and executes dangerous commands.
· The device is compromised.
Action steps
1. Check If You're Vulnerable: Affected models include ThinkPad (X1 Carbon, P series), Yoga, and some IdeaPads.
2. Update IMMEDIATELY: Lenovo has released firmware patches – install them NOW. Go to Lenovo Vantage app → Check for updates.
3. Disable Unused Webcams: Physically cover the webcam when not in use. In BIOS/UEFI, disable "Always On USB" feature if available.
4. Be Webcam Smart: Never approve unexpected USB device prompts. Monitor for strange keyboard behaviour. Enable USB port lockdown in your BIOS settings if your laptop supports it. This prevents unauthorized USB devices from being recognized.
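
A defensive check for the behaviour described under "How the Attack Works", added here as an example (it is not code from Eclypsium or Lenovo): on a Linux host it reads the USB interface descriptors from sysfs and flags any device that presents both a video (webcam) interface and a HID interface. The function names and the sample data are assumptions made for illustration.

```python
import tempfile
from collections import defaultdict
from pathlib import Path

USB_CLASS_HID = 0x03       # Human Interface Device
USB_CLASS_VIDEO = 0x0E     # USB Video Class (webcams)
HID_PROTO_KEYBOARD = 0x01  # HID boot-protocol keyboard

# Constructed sample (not captured from a real system): interface directory
# name -> (bInterfaceClass, bInterfaceProtocol), as Linux sysfs exposes them.
SAMPLE = {
    "1-1:1.0": ("0e", "00"),  # ordinary webcam: video only
    "1-2:1.0": ("03", "01"),  # ordinary keyboard
    "1-3:1.0": ("0e", "00"),  # webcam ...
    "1-3:1.2": ("03", "01"),  # ... that also enumerates as a keyboard
}

def find_camera_keyboards(sysfs_root="/sys/bus/usb/devices"):
    """Return {device: reason} for USB devices with video AND HID interfaces."""
    classes, keyboards = defaultdict(set), set()
    for iface in Path(sysfs_root).glob("*:*"):
        try:
            cls = int((iface / "bInterfaceClass").read_text().strip(), 16)
            proto = int((iface / "bInterfaceProtocol").read_text().strip(), 16)
        except (OSError, ValueError):
            continue  # interface vanished or is unreadable; skip it
        device = iface.name.split(":", 1)[0]  # "1-3:1.2" -> "1-3"
        classes[device].add(cls)
        if cls == USB_CLASS_HID and proto == HID_PROTO_KEYBOARD:
            keyboards.add(device)
    findings = {}
    for device, seen in classes.items():
        if USB_CLASS_VIDEO in seen and USB_CLASS_HID in seen:
            findings[device] = "keyboard" if device in keyboards else "other HID"
    return findings

def run_on_sample():
    """Write SAMPLE into a temporary sysfs-like tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name, (cls, proto) in SAMPLE.items():
            d = Path(root) / name
            d.mkdir()
            (d / "bInterfaceClass").write_text(cls + "\n")
            (d / "bInterfaceProtocol").write_text(proto + "\n")
        return find_camera_keyboards(root)

if __name__ == "__main__":
    print("sample:", run_on_sample())
    print("this host:", find_camera_keyboards())
```

A device that re-enumerates as a keyboard only, without its video interface, is not flagged by this check. An "other HID" result can be legitimate and should be reviewed against the device's expected interfaces.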