This repository contains tools that allow getting software control of the webcam LED on ThinkPad X230 without physical access to the laptop. These wer

Search code, repositories, users, issues, pull requests...

submited by
Style Pass
2024-11-27 20:30:12

This repository contains tools that allow getting software control of the webcam LED on ThinkPad X230 without physical access to the laptop. These were created as a practical demonstration that malware can record video through the webcam without the LED indication.

This works via reflashing the webcam firmware over USB (the X230 webcam is connected over USB internally) to add a capability of arbitrarily controlling the LED. This approach likely affects many other laptops, as connecting the webcam over USB and allowing to reflash its firmware is a common design pattern across laptop manufacturers.

See the "Lights Out: Covertly turning off the ThinkPad webcam LED indicator" talk (pdf) I gave at POC 2024 for the details: discovering a way to reflash the X230 webcam firmware, reverse engineering the firmware, adding an implant for LED control, and notes about the applicability of the approach to other laptops.

The webcam used on ThinkPad X230 (and a few other laptops from the same era) is based on the Ricoh R5U8710 USB camera controller. This controller stores a part of its firmware, the SROM part, on the SPI flash chip located on the webcam board. The controller also allows reflashing the contents of the SPI chip over USB.

Leave a Comment