This repository offers tools to remotely control the webcam LED on a ThinkPad X230, showcasing how malware can spy through the webcam without activating the LED. By reflashing the webcam firmware over USB, the LED can be controlled arbitrarily. This method could potentially work on other laptops that have similar design patterns, with the webcam connected internally via USB. The repository includes tools for reading and writing firmware, patching images, fetching memory contents, and turning the webcam LED on/off. While the approach is clever, caution is advised as reflashing the firmware could potentially disable the webcam. The detailed process is outlined in the “Lights Out” talk presented at POC 2024.
https://github.com/xairy/lights-out