Cybersecurity researchers have found a way to reprogram the Lenovo ThinkPad x230web’s webcam so that it can be activated without turning on the LED indicator.
Modern cyber threats call into question the security of webcams on laptops. A cybersecurity engineer known on GitHub as xairy demonstrated how an attacker reprogrammed the webcam firmware on a Lenovo ThinkPad X230 laptop. This model can use the Ricoh R5U8710 controller to independently control the LED indicator without including the camera itself. This allows the attacker to secretly monitor the user. Konovalov managed to develop a special firmware that allows you to rewrite the functionality of the firmware.
Reprogramming webcams via USB is not a new threat. Back in 2012, built-in webcams were often controlled by software. This opened the way for attacks that allow bypassing the activity indicator. In modern laptops like the MacBook, the LED indicators are usually connected directly to the power supply of the camera, which provides better security.
Although physical protection like camera stickers may seem “paranoid”, it is still an effective way to protect yourself from spying.