A former FBI agent confirmed that not only was this possible but that they’d been doing it for years.
In 2013, courtesy of the documents leaked by Edward Snowden, we learned that the NSA had successful programs they used to gain backdoor access to the cameras on i Phones and Blackberries.
When everyone from the spooks at the NSA to the kid next door has access to tools that can turn a webcam against its owner then the threat is legitimate.
If you have a laptop with an integrated webcam (or a rare all-in-one desktop model that also sports an integrated webcam), you have a few options.
If your BIOS supports it, you can disable it at the BIOS level, which is ideal.
You should, no questions asked, disable or obscure your computer’s webcam. While antivirus isn’t going to detect all of these things, and won’t detect many of the latest ones that are out there, it will at least help in dealing with the possibility of infection through a link or running the wrong executable. The problem is that if the threat is actually the college kid that offers to help people with their IT problems, they can easily whitelist a trojan so an antivirus won’t detect it. You can’t really trust that little icon that says you are secure. For desktop users with external webcams, the easiest solution is to simply unplug the USB webcam.
There is no good reason, especially in light of the numerous documented cases of webcam spying, to leave an insecure recording device permanently accessible on your computer. No amount of hacking is going to magically plug an unplugged device back in.