Are you on Windows 10 and want to know if your webcam is hacked? A disturbing phenomenon that is developing aims to take compromising images of an individual by hacking into his webcam to extort money from him. Fortunately, it is possible to find out if an unwanted application or a virus is using your webcam, thanks to this trick.
Natively, Windows does not simplify the task of those who want to know which application is using the webcam from the computer. Not only is it possible for a pirate to access your webcam, but in some cases it can do so without your knowledge, ie by deactivating the small diode next to the camera. So much so that a growing number of people do not hesitate to put a piece of tape on it, as Mark Zuckerberg does or advises a former director of the FBI, see turn off webcam with drastic methods.
Like going directly to unplug it on the motherboard in the case of laptops. To be perfectly clear, if you never use your webcam, this is a viable solution. Now, if you just want to control which application is using the webcam at a given time, that's also possible, and it's even smart if you see the diode light up for no apparent reason.
How to tell if your webcam is hacked in Windows 10
The diode of your webcam has just turned on? To find out which app is spying on you on Windows 10, we are first going to need to know the “Physical Device Object Name” of your webcam.
- Right click on the start menu then click Gestionnaire de périphériques
- Find your webcam in Image acquisition device
- Right click to go to Properties, then go to the tab Details
- In the drop-down menu Property choose Physical device object name
- Right click on the value then Copier
- Download Process Explorer from the Microsoft site by clicking on this link
- Unzip everything in a folder where the program can stay
- Open Process Explorer with the privileges Administrator
- Click on Find > Find Handle or DLL…
- Paste it Physical device object name in the field Handle or DLL substring
- Click on Search
What interests us in this column is the PID. By returning to the list, you can find the program that requested the webcam. In my case, I launched Skype, and in the Process Explorer, I therefore went back… to a svchost.exe instance. In this specific case, it is normal, this process is the interface between the peripherals and the Windows applications.
To go back to the application, you can go to the corresponding process svchost.exe then to the tab Services. To go even further, you can go to the classic task manager and find the correct process PID by going to the Details tab. Right-click on the correct svchost.exe, then on Go to process. In our case, the quest stops at FrameServer.
The final word: disable FrameServer for more security
I couldn't get back to Skype.exe with this method, because since the Anniversary Update, everything that uses the webcam goes through FrameServer, a Windows service for sharing the webcam stream between multiple concurrent applications. Suddenly we see here that FrameServer blurs the tracks which seems really counterproductive.
Especially if you rarely use the webcam… Fortunately, you can deactivate FrameServer to always be able to go back to the right program. Although we would have preferred a simple way to list applications using FrameServer. To do this, go to the system registry and:
- Create a named DWORD value EnableFrameServerMode in:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Media FoundationPlatform
- Create a named DWORD value EnableFrameServerMode in:
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftWindows Media FoundationPlatform
- To read also: Windows 10, how to restart Explorer.exe in all situations
Then restart the computer to apply the changes. That's it, you can now always go back to the application that uses the webcam. I hope this guide will be useful to you!
The editorial advises you:
- macOS: this new malware takes screenshots without your knowledge
