How to Find Out What App is Using Your Webcam to Spy on You

Covering your webcam with a sticker or a bit of tape is a security best practice, but if you want to find out if malicious applications are accessing your webcam on your Windows PC or Mac, you can investigate with the tools below.

First, we’ll find your webcam’s physical device ID. Then, we’ll use the freeware Process Explorer to search for any apps currently using the device.

1. Open Device Manager by searching for it in the Start Menu.

open-device-manager

2. Find your webcam under the Imaging Devices drop down menu.

device-manager-imaging-devices

3. Double-click on the webcam and open the “Details” tab.

device-manager-details-pane

4. Click the drop down menu and select “Physical Device Object name” from the list.

device-manager-physical-object-name

5. Right-click on the device ID and select “Copy.”

device-manager-copy-physical-id

6. Download Process Explorer from Microsoft’s website and extract the ZIP file.

7. Open Process Explorer.

process-explorer-main-screen

8. Press “Control + F” to open the Find window. Paste in your webcam’s device ID and click “Search.”

process-explorer-search-device-id

9. After a few seconds, you’ll see a list of any software processes accessing your webcam.

process-explorer-active-applications

10. You can then locate these processes in Task Manager (Control + Alt + Delete) and terminate them.

task-manager-end-task

While Process Explorer works well for Windows (even if it is a little round-about), it’s not as easy to uncover the application controlling your Mac’s webcam. However, there are two ways we can get ourselves there.

Using lsof to Find Out What App is Using Your Webcam

You can use the Terminal command lsof to find out which application is currently using your webcam.

1. Open Terminal (Applications/Utilities/Terminal.app).

macos-window-management-terminal-fix-1

2. If you have a built-in webcam, type in the command below and press “Enter:”

If you have a third-party webcam, type in the following command and press “Enter:”

terminal-webcam-lsof-1

3. This will list any application currently using your webcam.

terminal-webcam-lsof-2

Unfortunately, this will likely also list some extraneous applications, like the manufacturer software powering the camera and, frequently, Google Chrome. This will give you a place to start, however, and by quickly scanning the list, you might be able to notice malicious applications.

This list, though cryptic looking, is decipherable. If you look at the beginning of each line, you’ll see some familiar program names: in this case, Google and FaceTime. There’s also some unusual ones, like LCore and something called “avconfere.”

4. To find out more about this processes, I can us the ps -p command, along with the process ID. The process ID is the number next to each program’s name.

terminal-webcam-process-id

5. For example, the following command will tell me more about the LCore process:

terminal-webcam-ps-1

6. As we can see, that’s the Logitech kext that’s running my Logitech webcam, so that’s no danger.

terminal-webcam-ps-2

7. Let’s try the same trick on the avconfere process using the command below:

terminal-webcam-ps-3

8. That actually “avconferenced” which is the daemon that handles all webcam requests on macOS, so that’s also safe too.

terminal-webcam-ps-4

Quitting Apps Using Your Webcam

If you do find a malicious application, you can quit it from the command line using the kill command.

1. Use the above process to determine the process ID of the application using your webcam.

2. Type kill #### where #### is the process ID of the application you want to quit. For example, to kill Chrome, I would type the following:

terminal-webcam-kill-process

Using Oversight To Get Notified When Your Webcam Is Enabled

lsof has limitations, listing all the apps that might attempt to access your webcam (like Chrome) even if they’re not doing so currently. The freeware app, Oversight, which was developed by an ex-NSA hacker, is a good alternative. Oversight will alert you whenever your camera or microphone becomes active, and let you know which application has started using it. You can then approve or deny the usage directly from a notification.

1. Download and install Oversight.

2. When an application wants to use your webcam, Oversight will generate a notification.

oversight-camera-alert

3. Click Allow to allow the app to use your webcam, or Block to deny the usage.

Whether your on Windows or macOS, you can identify and eliminate any processes that are using your webcam.

2 comments

  1. While it may be a bit off-topic but how does you find out which DEVICE is spying on you?

    • Hi! The two most common devices to check for surveillance would be the camera and the microphone. You can check to see if any apps are using your microphone using the steps above, but substituting your microphone’s physical device ID for your camera’s physical device ID.

      On macOS, you can use lsof | grep CoreAudio to query all the devices accessing the microphone, but it’s just as messy as the above solution. OverSight also works with audio, so it will also alert you if your mic becomes active.

Comments are closed.

Sponsored Stories