How to Find Out What App is Using Your Webcam to Spy on You

Covering your webcam with a sticker or a bit of tape is a security best practice, but if you want to find out if malicious applications are accessing your webcam on your Windows PC or Mac, you can investigate with the tools below.

First, we’ll find your webcam’s physical device ID. Then, we’ll use the freeware Process Explorer to search for any apps currently using the device.

1. Open Device Manager by searching for it in the Start Menu.

open-device-manager

2. Find your webcam under the Imaging Devices drop down menu.

device-manager-imaging-devices

3. Double-click on the webcam and open the “Details” tab.

device-manager-details-pane

4. Click the drop down menu and select “Physical Device Object name” from the list.

device-manager-physical-object-name

5. Right-click on the device ID and select “Copy.”

device-manager-copy-physical-id

6. Download Process Explorer from Microsoft’s website and extract the ZIP file.

7. Open Process Explorer.

process-explorer-main-screen

8. Press “Control + F” to open the Find window. Paste in your webcam’s device ID and click “Search.”

process-explorer-search-device-id

9. After a few seconds, you’ll see a list of any software processes accessing your webcam.

process-explorer-active-applications

10. You can then locate these processes in Task Manager (Control + Alt + Delete) and terminate them.

task-manager-end-task

While Process Explorer works well for Windows (even if it is a little round-about), it’s not as easy to uncover the application controlling your Mac’s webcam. However, there are two ways we can get ourselves there.

Using lsof to Find Out What App is Using Your Webcam

You can use the Terminal command lsof to find out which application is currently using your webcam.

1. Open Terminal (Applications/Utilities/Terminal.app).

macos-window-management-terminal-fix-1

2. If you have a built-in webcam, type in the command below and press “Enter:”

lsof | grep AppleCamera

If you have a third-party webcam, type in the following command and press “Enter:”

lsof | grep VDC

terminal-webcam-lsof-1

3. This will list any application currently using your webcam.

terminal-webcam-lsof-2

Unfortunately, this will likely also list some extraneous applications, like the manufacturer software powering the camera and, frequently, Google Chrome. This will give you a place to start, however, and by quickly scanning the list, you might be able to notice malicious applications.

This list, though cryptic looking, is decipherable. If you look at the beginning of each line, you’ll see some familiar program names: in this case, Google and FaceTime. There’s also some unusual ones, like LCore and something called “avconfere.”

4. To find out more about this processes, I can us the ps -p command, along with the process ID. The process ID is the number next to each program’s name.

terminal-webcam-process-id

5. For example, the following command will tell me more about the LCore process:

ps -p 777

terminal-webcam-ps-1

6. As we can see, that’s the Logitech kext that’s running my Logitech webcam, so that’s no danger.

terminal-webcam-ps-2

7. Let’s try the same trick on the avconfere process using the command below:

ps -p 22477

terminal-webcam-ps-3

8. That actually “avconferenced” which is the daemon that handles all webcam requests on macOS, so that’s also safe too.

terminal-webcam-ps-4

Quitting Apps Using Your Webcam

If you do find a malicious application, you can quit it from the command line using the kill command.

1. Use the above process to determine the process ID of the application using your webcam.

2. Type kill #### where #### is the process ID of the application you want to quit. For example, to kill Chrome, I would type the following:

kill 658

terminal-webcam-kill-process

Using Oversight To Get Notified When Your Webcam Is Enabled

lsof has limitations, listing all the apps that might attempt to access your webcam (like Chrome) even if they’re not doing so currently. The freeware app, Oversight, which was developed by an ex-NSA hacker, is a good alternative. Oversight will alert you whenever your camera or microphone becomes active, and let you know which application has started using it. You can then approve or deny the usage directly from a notification.

1. Download and install Oversight.

2. When an application wants to use your webcam, Oversight will generate a notification.

oversight-camera-alert

3. Click Allow to allow the app to use your webcam, or Block to deny the usage.

Whether your on Windows or macOS, you can identify and eliminate any processes that are using your webcam.

Leave a Reply

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.