Camfecting, in the field of computer security, is the process of attempting to hack into a person's webcam and activate it without the webcam owner's permission.[1] The remotely activated webcam can be used to watch anything within the webcam's field of vision, sometimes including the webcam owner themselves. Camfecting is most often carried out by infecting the victim's computer with a virus that can provide the hacker access to their webcam. This attack is specifically targeted at the victim's webcam, and hence the name camfecting, a portmanteau of the words camera and infecting.
Typically, a webcam hacker or a camfecter sends his victim an innocent-looking application which has a hidden Trojan software through which the camfecter can control the victim's webcam. The camfecter virus installs itself silently when the victim runs the original application. Once installed, the camfecter can turn on the webcam and capture pictures/videos. The camfecter software works just like the original webcam software present in the victim computer, the only difference being that the camfecter controls the software instead of the webcam's owner.
Marcus Thomas, former assistant director of the FBI's Operational Technology Division in Quantico, said in a 2013 story in The Washington Post that the FBI had been able to covertly activate a computer's camera—without triggering the light that lets users know it is recording—for several years.[2]
In November 2013, American teenager Jared James Abrahams pleaded guilty to hacking over 100-150 women and installing the highly invasive malware Blackshades on their computers in order to obtain nude images and videos of them. One of his victims was Miss Teen USA 2013 Cassidy Wolf.[3]
Researchers from Johns Hopkins University have shown how to covertly capture images from the iSight camera on MacBook and iMac models released before 2008, by reprogramming the microcontroller's firmware.[4]
A computer that does not have an up-to-date webcam software or any anti-virus (or firewall) software installed and operational may be at increased risk for camfecting. Softcams may nominally increase this risk, if not maintained or configured properly.
Recently webcam privacy software was introduced by such companies such as Stop Being Watched or Webcamlock. The software exposes access to a webcam, and prompts the user to allow or deny access by showing what program is trying to access the webcam. Allowing the user to accept a trusted program the user recognizes, or terminate the attempt immediately.
There is now a market for the manufacture and sale sliding lens covers that allow users to physically block their computer's camera and, in some cases, microphone.