This is easy if you use any blobs.
This is completely easy to do on phones or mobile devices, because their real-time OSes (the phones run several OSes alone) are black boxes that allow memory access to everything coming from the station (and such a mobile station can be bought and set up). The only exception is the Freerunner.
Firmware backdoor vs OS backdoor thoughts
On the one hand, on laptops where the camera model, chipset, and wireless model are all known in advance, a firmware backdoor to turn a camera on in response to a specific signal sent by Wi-Fi would not be too hard. On the other hand, exporting the take when the vendor-provided OS is gone would be much more difficult. They'd need something like ffmpeg to convert the raw output to H.264 or some other codec, and a "firmware" blob with a 2-3MB video encoder added would look awfully large for something that is supposed to contain only microcode. A possible approach to detection would be to compare the size of known firmware blobs to the predicted size of microcode to do what the firmware is publicly supposed to do.
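The size comparison suggested above can be turned into a baseline check. The script below is an added example, not code from the thread: it records size and SHA-256 for every blob under a firmware directory (assumed to be something like /lib/firmware; a constructed temporary directory stands in so it runs offline) and reports blobs that are new, missing, changed, or grown far beyond their baseline size.

```python
"""Baseline check for firmware blobs: flag new, missing, changed or grown files.
Added example, not from the thread. The directory layout and sample blobs are
constructed here; point build_manifest() at a real firmware directory to use it."""
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file under root (relative path) to its size and SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            manifest[os.path.relpath(full, root)] = {
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
            }
    return manifest


def compare(baseline, current, growth_factor=1.5):
    """Return (path, reason) findings. Hashes catch any change; a blob that grew
    past growth_factor times its baseline size is called out separately, since an
    unexplained multi-megabyte jump is the signal the post above describes."""
    findings = []
    for path, cur in sorted(current.items()):
        base = baseline.get(path)
        if base is None:
            findings.append((path, "new blob not in baseline"))
        elif cur["sha256"] != base["sha256"]:
            if cur["size"] > base["size"] * growth_factor:
                findings.append((path, f"grew from {base['size']} to {cur['size']} bytes"))
            else:
                findings.append((path, "content changed, size similar"))
    for path in sorted(set(baseline) - set(current)):
        findings.append((path, "blob missing"))
    return findings


def demo():
    """Constructed scenario: one blob unchanged, one grown by ~3MB, one new."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("wifi.bin", b"\x01" * 4096)
        write("cam.bin", b"\x02" * 2048)
        baseline = build_manifest(root)
        write("cam.bin", b"\x02" * 2048 + b"\x03" * 3_000_000)  # encoder-sized growth
        write("extra.bin", b"\x04" * 100)
        return compare(baseline, build_manifest(root))
```

Store the baseline manifest somewhere the running system cannot rewrite (read-only media, or a signed copy kept off the machine), otherwise a modified blob can simply be re-baselined.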
Originally Posted by RealNC
For a Linux blob to be a bulk attack vector, it would have to be one with access to the camera and the wireless card (both devices on DMA, perhaps), and be a blob likely to be used by the most common targets. Closed gaming video drivers might be rare on computers used by spies or kiddie-porn traffickers, for instance, due to their high profile as untrusted closed software and large size.
I agree that unused webcams should always be covered, not just turned off in BIOS. This is so easy to do that when security is an issue it should be the first thing done, and it removes all questions of worrying about an arms race with opposing hackers who have access to the OEM. This is not because it is likely to be used against you, but rather because it is so foolish not to take a five-minute, costless step to take a potential issue entirely off the table. If there is a 99% chance they can't turn it on, why have to worry about the other 1%?
Still, so few people rip out vendor-provided OSes that the FBI probably would regard huge amounts of extra work and risk to extend the ability to turn webcams on to the last 1% of computers as not worth the hassle. Remember, Microsoft and Apple bend over backwards to support the cops with in-house tools, so the FBI's back door into those may be as simple as placing a covert purchase order. Google/Android may have required a little more "persuasion" to drop malicious binaries into the phones, or maybe they just go to the Big Telcos who are actually installing Android on all those phones and tablets. If the OS comes from the vendor, undeclared binaries are trivial to drop in, nearly impossible to find until the names are known. Remember Carrier IQ in "open-source" Android provided by cell phone companies? Always replace the vendor-provided OS.
If YOU install Linux, they can then forget backdoors in open-source software: too easily found and too little cooperation. It would have to be exploits one machine at a time, against machines chosen in advance, the hardest job in offensive hacking.
It's just as easy with pre-compiled kernel modules of otherwise open source drivers, as used by the majority of Linux distros.
Originally Posted by brosis
It's possible, depending on the Linux user.
I have my own private Linux distribution that I develop and use.
Almost everything about it is completely different from all traditional distributions.
1. It doesn't use a bootloader; I use UEFI to boot my Linux kernel directly.
2. My filesystem directory structure is completely custom: I have "apps, sys (bin, etc, lib, include, boot, ...), users, mount, net"
apps - Global Application Install Dir
sys - Systems Dir contains subdirs like bin, etc, lib, include, boot, ...
users - Users dir (basically /home); what is unique is that each user also has an additional apps dir for locally installed software.
mount - It's /mount lol
net - Is where network related applications (services) are stored like Web Servers, FTP Servers, VOIP Servers, ...
3. My /sys dir is read only
4. I have my own custom-built application development framework based on modified and re-factored versions of Poco C++ and Boost;
it resembles something like Qt5, and uses OpenGL for all rendering.
5. I have a custom Xorg server that is stripped of everything minus what's required for GLX; applications handle input directly from the kernel.
6. I use a custom IPC framework.
7. And many more differences...
The point is that my distro is so custom that most Linux applications don't work on it. I build my own depending on what I need. If the NSA was able to access my webcam I would know immediately, as my applications will only open a port when I request them to, and when the application is closed so is the port they opened; I monitor my network connections very closely.
Why all this paranoia?
Originally Posted by zester
Perhaps you should ask the BSD guys how well that worked for them lol
Originally Posted by d2kx
Is the computer connected to an outside network? Then yes, it's quite possible.
Can they do it to your specific computer on a whim? That's harder to determine.