How To Detect Surveillance Cameras And Microphones In Your

Last updated: March 16, 2026

You can detect hidden surveillance cameras and microphones in your home using network scanning (nmap, arp-scan), RF analysis (gqrx, RTL-SDR), acoustic noise floor analysis, and thermal imaging. This guide covers practical methods for discovering covert surveillance equipment using command-line utilities, software-defined radio, audio analysis, and physical inspection techniques.

Prerequisites

Before you begin, make sure you have the following ready:

A computer running macOS, Linux, or Windows
Terminal or command-line access
Administrator or sudo privileges (for system-level changes)
A stable internet connection for downloading tools

Step 1 - Network Discovery for Camera Detection

Modern IP cameras and smart devices frequently broadcast on your local network. Scanning your network reveals connected devices that may include hidden cameras.

Using nmap for Network Scanning

The nmap tool scans your local network and identifies active devices:

Scan your local subnet (adjust interface if needed)
nmap -sn 192.168.1.0/24

More detailed scan with service detection
nmap -sV -p 80,443,554,8080,8888 192.168.1.0/24

Common camera ports include:

554: RTSP (Real Time Streaming Protocol)
80/8080: HTTP web interfaces
8554: Alternative RTSP
8888: Some IP camera defaults

After identifying suspicious IP addresses, examine their HTTP headers or attempt to access their web interface:

curl -I http://192.168.1.105:8080

Using arp-scan for Device Enumeration

The arp-scan tool provides an alternative method for discovering network devices:

sudo arp-scan --localnet | grep -i camera

Step 2 - Detecting Wireless Cameras with RF Analysis

Hidden wireless cameras transmit RF signals. Software-defined radio (SDR) tools help identify these transmissions.

Using gqrx and RTL-SDR

For users with RTL-SDR hardware:

Install gqrx
brew install gqrx

Scan for common camera frequencies
Typical wireless camera bands - 1.2 GHz, 2.4 GHz, 5.8 GHz

Using inspectrum for Signal Analysis

Install inspectrum
brew install inspectrum

Analyze captured RTL-SDR samples
inspectrum recording.iq -s 2.4e6

Step 3 - Microphone Detection Methods

Detecting hidden microphones requires different approaches depending on their power source and transmission method.

Acoustic Noise Floor Analysis

Hidden microphones, especially older analog devices, generate subtle electrical noise. Use audio software to analyze your environment:

audio_detection.py
import sounddevice as sd
import numpy as np

def analyze_noise_floor(duration=10, sample_rate=44100):
    print(f"Recording {duration} seconds of audio...")
    audio_data = sd.rec(duration * sample_rate, samplerate=sample_rate, channels=1)
    sd.wait()

    rms = np.sqrt(np.mean(audio_data2))
    dbfs = 20 * np.log10(rms)

    print(f"Noise floor: {dbfs:.2f} dBFS")
    return dbfs

if __name__ == "__main__":
    analyze_noise_floor()

Run this script in different rooms to establish baseline noise levels. Unusually high readings may indicate hidden microphones.

Ultrasonic Detection

Some hidden cameras and microphones emit ultrasonic tones when powered. Detect these using ultrasonic microphones:

ultrasonic_detection.py
import sounddevice as sd
import numpy as np
from scipy import signal

def detect_ultrasonic(sample_rate=192000, duration=5):
    print(f"Listening for ultrasonic activity ({duration}s)...")

    audio = sd.rec(duration * sample_rate, samplerate=sample_rate, channels=1)
    sd.wait()

    # Focus on ultrasonic frequencies (18kHz - 22kHz)
    freqs, psd = signal.welch(audio[:, 0], fs=sample_rate, nperseg=4096)
    ultrasonic_power = np.sum(psd[(freqs > 18000) & (freqs < 22000)])

    print(f"Ultrasonic power: {ultrasonic_power:.6f}")
    return ultrasonic_power

if __name__ == "__main__":
    detect_ultrasonic()

Network Traffic Analysis for Smart Devices

Smart microphones like Amazon Echo or Google Home constantly communicate with cloud servers. Monitor this traffic:

Use nethogs to monitor per-process network usage
sudo nethogs -v 3

Use tcpdump to capture DNS queries (devices often use DNS to ping home)
sudo tcpdump -i en0 -n | grep -E "(amazon|google|apple)"

Step 4 - Thermal Imaging Detection

Active electronic devices generate heat. Hidden cameras and microphones produce thermal signatures visible through thermal imaging cameras:

FLIR One iOS/Android SDK example (conceptual)
flir_capture.py
import subprocess

def capture_thermal():
    # Capture thermal image using FLIR camera
    result = subprocess.run(
        ["flirone-cli", "--image", "thermal.jpg"],
        capture_output=True
    )
    return result.returncode == 0

Analyze temperature differences in the image
Hotspots may indicate hidden electronics

Step 5 - Physical Inspection Checklist

Technical tools complement physical searches. Perform these checks:

Smoke detectors and outlets: Common hiding spots for both cameras and microphones
Wall decorations: Check for unusual holes or lenses
Mirrors: Two-way mirrors feel different, tap and check for hollow spaces
Light fixtures: Examine bulbs and fixtures
Books and decorations: Small lenses may hide in unexpected places

Step 6 - Build a Detection Toolkit

Create a portable detection kit:

detection-kit.sh - Install common tools on macOS
#!/bin/bash

brew install nmap arp-scan gqrx inspectrum sox
brew install python@3.12
pip install sounddevice numpy scipy

RTL-SDR tools
brew install rtl-sdr cubicsdr

Step 7 - Detecting Cameras with Lens Reflection Scanning

Hidden camera lenses reflect light in a distinctive way. Camera lenses are made of glass with a specific refractive index that reflects a small amount of incoming light back toward the source, even when the device is turned off. This optical property makes cameras detectable with a bright light source even when they have no network presence and emit no RF signal.

The technique works with any bright flashlight: darken the room, hold the light source near your eye level, and slowly scan surfaces. Camera lenses return a bright, colored reflection distinct from the duller reflection of ordinary objects. IR filter glass often reflects red or purple under a flashlight.

Dedicated RF/lens detector devices combine both detection methods. Consumer devices like the JMDHKK RF detector or the SZBOB Non-Linear Junction Detector range from $30 to $200. More capable devices cost more but add sensitivity and frequency range.

For a systematic visual search, document positions methodically:

room_scan.py - Document camera detection sweep
from datetime import datetime
import json

def log_room_scan(room_name: str, scan_positions: list) -> dict:
    scan_record = {
        "room": room_name,
        "date": datetime.now().isoformat(),
        "scan_method": ["visual_lens_reflection", "nmap", "rf_scan"],
        "positions_checked": [],
        "findings": []
    }

    for position in scan_positions:
        scan_record["positions_checked"].append({
            "location": position,
            "checked_at": datetime.now().isoformat(),
            "clear": True
        })

    return scan_record

Document a standard hotel room scan
positions = [
    "smoke_detector", "clock_radio", "picture_frames",
    "outlets", "light_fixtures", "tv_top", "air_vent",
    "mirror_back", "decorative_objects", "bathroom_vent"
]

log_room_scan("hotel_room_214", positions)

Systematic documentation is useful when staying in accommodations repeatedly, or when a concern needs to be reported to a property manager or law enforcement with specific locations noted.

Step 8 - Hardening Against Smart Device Surveillance

Many homes now contain dozens of connected devices: smart TVs, voice assistants, robot vacuums, baby monitors, and security cameras. These devices present a different challenge from covert surveillance equipment, they are openly installed but may be collecting more data than their owners realize.

Smart TVs with automatic content recognition (ACR) technology capture screenshots of everything displayed and transmit them to the manufacturer. This surveillance is often enabled by default during initial setup under vague “improve your experience” consent flows. Disable ACR in your TV’s privacy settings, the menu location varies by manufacturer.

Voice assistants create recordings of audio when triggered, and sometimes when not triggered due to false wake-word detection. Review and delete stored voice recordings regularly:

Monitor network traffic from smart devices using tcpdump
First, identify device IP from your router's DHCP table
sudo tcpdump -i eth0 host 192.168.1.87 -n -v 2>/dev/null |   grep -E "(amazon|alexa|google|siri|microsoft)" |   head -50

Use Wireshark for more detailed analysis
Filter - ip.addr == 192.168.1.87 && tcp

Segment smart devices onto a separate VLAN to limit their access to other devices and your main network:

Router VLAN configuration (conceptual)
VLAN 10 - Trusted devices (computers, phones)
  - Full internet access
  - Access to NAS
  - Internal DNS

VLAN 20 - IoT/Smart devices
  - Internet access only (no access to VLAN 10)
  - Blocked: local network routing
  - DNS: Pi-hole (blocks tracking domains)
  - Outbound monitoring: suspicious traffic alerts

This network segmentation means a compromised smart device cannot access your computer’s file shares, your NAS, or your other trusted devices, even if it is actively running surveillance software.

Step 9 - What to Do if You Find a Device

Discovering a hidden surveillance device in a rented space (hotel room, Airbnb, rental property) requires specific steps. How you handle the discovery affects both your ability to pursue legal remedies and the safety of any evidence.

Do not move or disable the device. Interfering with the device may constitute destruction of evidence and could complicate criminal proceedings. Photograph its location and orientation before doing anything else.

Document thoroughly before acting. Use your phone to photograph the device in situ, including reference shots showing its position relative to the room layout.

Notify the property manager or hotel management immediately. Request that they contact law enforcement. In most jurisdictions, installing covert recording devices without consent in a space where privacy is expected is a criminal offense.

Preserve network evidence. Before leaving the location, capture network traffic logs from your earlier scans. The device’s MAC address and any traffic captured are useful to investigators.

If law enforcement will not respond or the property manager is unresponsive, contact local data protection authorities. In the EU, national DPAs (Data Protection Authorities) have jurisdiction over surveillance privacy violations. In the US, contact local police and the FBI’s IC3 for internet crimes.

Post public reviews on the booking platform documenting what you found and that you reported it. This creates accountability and protects future guests.

Troubleshooting

Configuration changes not taking effect

Restart the relevant service or application after making changes. Some settings require a full system reboot. Verify the configuration file path is correct and the syntax is valid.

Permission denied errors

Run the command with sudo for system-level operations, or check that your user account has the necessary permissions. On macOS, you may need to grant terminal access in System Settings > Privacy & Security.

Connection or network-related failures

Check your internet connection and firewall settings. If using a VPN, try disconnecting temporarily to isolate the issue. Verify that the target server or service is accessible from your network.

Frequently Asked Questions

How long does it take to detect surveillance cameras and microphones in your?

For a straightforward setup, expect 30 minutes to 2 hours depending on your familiarity with the tools involved. Complex configurations with custom requirements may take longer. Having your credentials and environment ready before starting saves significant time.

What are the most common mistakes to avoid?

The most frequent issues are skipping prerequisite steps, using outdated package versions, and not reading error messages carefully. Follow the steps in order, verify each one works before moving on, and check the official documentation if something behaves unexpectedly.

Do I need prior experience to follow this guide?

Basic familiarity with the relevant tools and command line is helpful but not strictly required. Each step is explained with context. If you get stuck, the official documentation for each tool covers fundamentals that may fill in knowledge gaps.

Can I adapt this for a different tech stack?

Yes, the underlying concepts transfer to other stacks, though the specific implementation details will differ. Look for equivalent libraries and patterns in your target stack. The architecture and workflow design remain similar even when the syntax changes.

Where can I get help if I run into issues?

Start with the official documentation for each tool mentioned. Stack Overflow and GitHub Issues are good next steps for specific error messages. Community forums and Discord servers for the relevant tools often have active members who can help with setup problems.