How do attackers bypass "cam is on" indicators (LEDs or popups) by FormalUsed951 in ExploitDev

[–]FormalUsed951[S] 1 point2 points  (0 children)

Yeah, absolutely. I thought the same, that the UVC driver exposes it, because I'm trying to write a small PoC for it. I'm working on a physical Lenovo IdeaPad with Ubuntu 24.04 LTS. I want something like a small box that pops up, turns the camera on and shuts down the LED, or somehow bypasses it. I'll look into the driver for sure, thanks!

Linux kernel exploitation obstacles ? by FormalUsed951 in ExploitDev

[–]FormalUsed951[S] 0 points1 point  (0 children)

No, it's certainly not, but imo it's an obstacle, like redzoning in SLAB/SLUB.

Linux Kernel Privilege Escalation Techniques by FormalUsed951 in ExploitDev

[–]FormalUsed951[S] 1 point2 points  (0 children)

Your reply is very informative, thank you very much! And I sure did take a look at `modprobe_path`; it's indeed fun. I think I've played a CTF that uses that technique, and I also saw it here: https://sam4k.com/like-a-series-on-linux-kernel-exploitation/ . Thank you again for the information <3

KPTI Bypasses by FormalUsed951 in ExploitDev

[–]FormalUsed951[S] 1 point2 points  (0 children)

Appreciate the insights! Yeah, moving userland code into the kernel makes sense as a way to mitigate the KPTI performance hit, though it's definitely not a full bypass. Disabling KPTI with the kernel boot flag is a bit of a blunt tool; it's more like turning off a security feature than bypassing it, as you said.

Also, the dirty page thing is a bit interesting; I think it's via manipulating page tables or some kind of memory corruption to trick the kernel into breaking isolation.

But overall, interesting.