You arrive at a short-term rental late, tired, and ready for bed. The host left a note on the counter. The smoke detector blinks the way smoke detectors blink. Everything looks fine. Most of the time, everything is fine.

But not always. In the past 24 months, guests have found hidden cameras inside bathroom electrical outlets, behind decorative mirrors (in cases reported by the NYT), and disguised as smoke detectors in vacation rentals across the US, Korea, Mexico, and Europe. Several discoveries have come not from suspicious behavior but from a guest doing exactly what this guide describes: a five-minute room sweep.

This article gives you that sweep, in order, with no fluff.

The honest truth: No single technique catches every hidden camera. Some are wired and offline. Some are battery-powered and only record locally. Some hide on the host's WiFi network. Some broadcast their own. The reason a real sweep uses multiple methods is that each method covers what the others miss.

1. The 60-second physical scan

Walk into the room. Before you unpack anything, look at every object that has a clear line of sight to the bed, the shower, the toilet, or any place you would change clothes. The rule is simple: if it can see you, you should look back.

Specific objects to check, ranked by how often hidden cameras have actually been found in them:

You are looking for one of three things: a small dark circle that should not be there, a glassy reflective dot when you move your phone flashlight across a surface, or an object that does not match the brand or style of the rest of the room.

2. The phone-flashlight glint check

Turn off the room lights. Turn on your phone flashlight. Slowly sweep the beam across every wall, ceiling, fixture, and object in the room. A camera lens is glass. Glass reflects light back at you in a small, intense, sharp dot. The reflection is brighter and more concentrated than any other reflection in the room because the lens is curved and tiny.

Wood does not glint. Plastic does not glint. A camera lens glints.

This works on most pinhole cameras and any camera with a glass element pointed at the room. It does not work on cameras hidden behind cloth, mesh, or one-way film. That is what the next steps are for.

3. Scan the WiFi for known camera manufacturers

If a camera is networked, it sits on the WiFi just like a smart TV or a thermostat. Networked cameras have predictable signatures: their MAC addresses are registered to companies like Hikvision, Dahua, Reolink, Wyze, Eufy, Foscam, and dozens of smaller brands. They often listen on streaming ports (RTSP on 554, HTTP on 80 or 8080, ONVIF on 8000).

You scan the network in two ways:

The on-network scan (when you can join the host's WiFi)

Connect to the room's WiFi. Open Veilbreaker and run the WiFi scan. The app reads the local network's ARP table, identifies every connected device by MAC manufacturer, and probes each device for camera-typical ports. A device that resolves to "Hikvision Digital Technology" with port 554 open is almost certainly an IP camera.

The nearby-networks scan (when you cannot or do not want to join)

Many cheap spy cameras broadcast their own WiFi network in setup mode. The SSID often matches a brand prefix - IPCAM_xxxx, HCAM-xxxx, ESCAM_xxxx, HISEEU_xxxx, SRIHOME_xxxx, LOOKCAM_xxxx, V380_xxxx, MIPC_xxxx, and others. The nearby-networks scan finds these without you joining anything. Run it as soon as you walk in.

Hotel WiFi note. On hotel networks, client isolation usually blocks the on-network scan. The nearby-networks scan still works because it only looks at WiFi beacons, which every device broadcasts whether you are connected or not.
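
As an added illustration (not Veilbreaker's code), here is the triage logic behind both scans in this section: ARP entries are scored by vendor and camera-typical ports, and nearby SSIDs are matched against the setup-mode prefixes listed above. The OUI table, addresses, port results and SSIDs are constructed sample data; the Linux `/proc/net/arp` layout and the scoring weights are assumptions.

```python
# Triage of scan results that were already collected (added example).
# OUIs, MACs, IPs, port results and SSIDs are constructed sample data.
CAMERA_PORTS = {554: "RTSP", 80: "HTTP", 8080: "HTTP", 8000: "ONVIF"}  # from the article
SSID_PREFIXES = ("IPCAM_", "HCAM-", "ESCAM_", "HISEEU_", "SRIHOME_",
                 "LOOKCAM_", "V380_", "MIPC_")                          # from the article
CAMERA_VENDORS = ("hikvision", "dahua", "reolink", "wyze", "eufy", "foscam")
# Placeholder OUI table (locally administered prefixes, not real registrations).
SAMPLE_OUIS = {"02:AA:01": "Hikvision Digital Technology", "02:AA:02": "Example TV Co"}

def parse_arp(text):
    """Parse /proc/net/arp-style text into (ip, mac) pairs, skipping empty entries."""
    pairs = []
    for line in text.strip().splitlines()[1:]:          # first row is the header
        cols = line.split()
        if len(cols) >= 4 and cols[3] != "00:00:00:00:00:00":
            pairs.append((cols[0], cols[3].upper()))
    return pairs

def score_device(mac, open_ports):
    """Return (score, reasons); vendor and streaming ports each add weight."""
    vendor = SAMPLE_OUIS.get(mac[:8], "unknown")
    score, reasons = 0, []
    if any(v in vendor.lower() for v in CAMERA_VENDORS):
        score += 2
        reasons.append("vendor " + vendor)
    for port in sorted(open_ports):
        if port in CAMERA_PORTS:
            score += 2 if port == 554 else 1            # assumed weighting: RTSP counts more
            reasons.append(f"port {port} ({CAMERA_PORTS[port]})")
    return score, reasons

def setup_mode_ssids(ssids):
    """Nearby SSIDs that start with a known camera setup-mode prefix."""
    return [s for s in ssids if s.upper().startswith(SSID_PREFIXES)]

SAMPLE_ARP = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:aa:02:00:00:01     *        wlan0
192.168.1.23     0x1         0x2         02:aa:01:10:20:30     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0"""
SAMPLE_PORTS = {"192.168.1.1": {80}, "192.168.1.23": {80, 554}}   # constructed probe results
SAMPLE_SSIDS = ["RentalGuest", "V380_1a2b3c", "ipcam_0042"]

def triage():
    """Score every live ARP entry against the sample port-probe results."""
    return {ip: score_device(mac, SAMPLE_PORTS.get(ip, set()))
            for ip, mac in parse_arp(SAMPLE_ARP)}

if __name__ == "__main__":
    print(triage())
    print(setup_mode_ssids(SAMPLE_SSIDS))
```

The router in the sample scores 1 on port 80 alone, which is why an open web port by itself is a weak signal compared with a camera vendor plus RTSP.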

4. Bluetooth scan for trackers and BLE cameras

Some hidden devices are not cameras at all. They are Bluetooth trackers - AirTags, Samsung SmartTags, Tile - that someone has placed in your luggage or your rental to know your location. Other hidden cameras use BLE for setup or for low-bandwidth telemetry.

A BLE scan in Veilbreaker shows every Bluetooth device near you, identifies known tracker types by their service UUIDs, and flags persistent unknown beacons. If a device follows you between rooms, between hotels, or between cities, that is an unwanted tracker.

For more on this specific case, see our guide to detecting AirTag stalking on Android.
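
The "follows you" test described above can be expressed as a persistence check over logged sightings. This is an added example, not Veilbreaker's code; the device keys, place labels, timestamps and both thresholds are constructed or assumed.

```python
from collections import defaultdict

def persistent_beacons(sightings, own_devices=(), min_places=2, min_span_s=1800):
    """Flag device keys seen in >= min_places distinct places over >= min_span_s.

    sightings: iterable of (device_key, place, unix_time). device_key is assumed
    to be a stable key derived by the scanner; many BLE devices rotate their
    address, so a raw MAC alone is not a reliable key.
    """
    seen = defaultdict(list)
    for key, place, ts in sightings:
        if key not in own_devices:                 # ignore the user's own gear
            seen[key].append((ts, place))
    flagged = {}
    for key, hits in seen.items():
        hits.sort()
        places = []
        for _, place in hits:
            if place not in places:
                places.append(place)               # keep first-seen order
        span = hits[-1][0] - hits[0][0]
        if len(places) >= min_places and span >= min_span_s:
            flagged[key] = {"places": places, "span_s": span, "count": len(hits)}
    return flagged

# Constructed sample log: (device_key, place, seconds since the sweep started).
SAMPLE_SIGHTINGS = [
    ("earbuds", "lobby", 0), ("earbuds", "room", 4000),
    ("tag-A", "lobby", 100), ("tag-A", "room", 2500),
    ("tag-A", "cafe", 9000), ("tag-A", "room", 12000),
    ("room-beacon", "room", 2400), ("room-beacon", "room", 12000),
    ("passerby", "lobby", 120), ("passerby", "elevator", 400),
]

def demo():
    return persistent_beacons(SAMPLE_SIGHTINGS, own_devices={"earbuds"})

if __name__ == "__main__":
    print(demo())
```

A fixed beacon that never leaves the room and a passerby seen twice within a few minutes are both left unflagged; only the key that recurs across places over time is reported.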

5. EM field sweep for offline cameras

Battery-powered or wired-but-not-networked cameras do not show up on WiFi or Bluetooth. They still draw current. Any powered electronic device produces a small electromagnetic field. Your phone's magnetometer measures that field.

The EM scan in Veilbreaker calibrates a baseline against the room's normal magnetic environment, then flags spots where readings spike. Sweep it slowly, holding the phone steady, near smoke detectors, alarm clocks, outlets, decorative objects, and any spot where a camera could have a sightline.

EM detection has limits. It picks up cameras, but it also picks up speakers, motors, and metal. Use it as one signal among many, not the only one.
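
One way to implement the calibrate-then-flag approach described above, as an added example rather than Veilbreaker's algorithm: a median/MAD baseline with a minimum run length to suppress single-sample jitter. The readings are constructed (in microtesla), and the threshold `k`, the MAD floor and `min_run` are assumptions.

```python
import math
import statistics

def magnitude(sample):
    """Field strength from one (x, y, z) magnetometer reading."""
    x, y, z = sample
    return math.sqrt(x * x + y * y + z * z)

def calibrate(samples):
    """Baseline = median magnitude; spread = median absolute deviation (MAD)."""
    mags = [magnitude(s) for s in samples]
    base = statistics.median(mags)
    mad = statistics.median(abs(m - base) for m in mags)
    return base, max(mad, 0.5)        # assumed floor so a very quiet room does not over-trigger

def find_spikes(readings, base, mad, k=6.0, min_run=3):
    """Return (start, end) index ranges where |magnitude - base| > k * mad
    holds for at least min_run consecutive readings."""
    spikes, start = [], None
    for i, s in enumerate(list(readings) + [None]):   # sentinel closes a trailing run
        hot = s is not None and abs(magnitude(s) - base) > k * mad
        if hot and start is None:
            start = i
        elif not hot and start is not None:
            if i - start >= min_run:
                spikes.append((start, i - 1))
            start = None
    return spikes

# Constructed data: calibration in the middle of the room, then a slow sweep.
CALIBRATION = [(27, 36, 0), (0, 0, 45.5), (0, 0, 44.5), (0, 0, 46), (0, 0, 45)]
SWEEP = [(0, 0, 45), (0, 0, 46), (0, 0, 60), (0, 0, 45),
         (0, 0, 52), (0, 0, 58), (0, 0, 55), (0, 0, 45.5)]

def demo():
    base, mad = calibrate(CALIBRATION)
    return base, mad, find_spikes(SWEEP, base, mad)

if __name__ == "__main__":
    print(demo())
```

The isolated jump at index 2 is dropped while the sustained rise at indices 4 to 6 is reported; a flagged range only says where to look, since speakers, motors and metal produce the same deviation.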

6. The 10-point physical inspection

The last step is structured manual inspection, not because the previous steps missed something but because it is what wins in court. Veilbreaker's physical-inspection guide steps you through the ten places hidden cameras have been found most often, with photos and instructions. If you find one, the structured checklist becomes part of the timestamped evidence report.

One sweep. Five tools. Three minutes.

Veilbreaker runs every detection method in this guide from your Android phone. 3-day free trial.


What to do if you actually find one

Do not unplug the device. Do not move it. Photograph it where it is, with the surrounding context visible. Generate a Veilbreaker evidence report - it captures the timestamp, the device manufacturer, the streaming ports, and the network context, all of which Airbnb and police will ask about.

Then leave the room. Call local police from outside the building. Contact Airbnb (or the platform you booked through) via their Trust and Safety reporting flow - their policy is clear that any undisclosed camera is grounds for a full refund and a host removal. Keep your booking confirmation, the report PDF, and your photographs together.

Full step-by-step in our follow-up guide: What to do when you find a hidden camera in your rental.

Quick checklist (save this)

  1. Walk in. Visual scan for sight-line objects.
  2. Lights off. Phone flashlight glint sweep.
  3. Nearby-networks WiFi scan from the doorway.
  4. Connect to room WiFi (if available). Run on-network scan.
  5. BLE scan for trackers.
  6. EM field sweep near outlets, smoke detectors, vents.
  7. 10-point physical inspection.
  8. If found: photograph, generate report, exit, call police, contact platform.

Frequently asked questions

Can my phone really detect hidden cameras?

Yes, for most camera types. Networked cameras show up on a WiFi scan by manufacturer name and open streaming ports. Cameras broadcasting their own setup-mode WiFi show up on a nearby-networks scan even when you have not joined the room network. Bluetooth trackers are detected by a BLE scan. Powered electronics generate measurable electromagnetic fields. Veilbreaker combines these into one sweep.

How long does a full sweep take?

About three to five minutes for a single room. The slowest part is the physical inspection of common hiding spots, which the app guides you through.

What if the camera is offline or analog?

Offline cameras still need power. The EM field scanner picks up the signature of a powered electronic device in places where power should not be. Analog pinhole cameras still have lenses that produce a small reflective glint, especially in bright directional light from a phone flashlight.

What do I do if I actually find one?

Do not unplug or move the camera. Photograph it in place. Generate a timestamped report from Veilbreaker. Contact the platform (Airbnb has a Trust and Safety reporting flow) and local police. Keep all records. See our follow-up guide on what to do when you find a hidden camera.

Is it legal to scan a network I am a guest on?

Reading your own connected device's ARP table is not illegal. The app does not read other devices' traffic, does not crack credentials, and does not make changes to the network. It identifies devices by their broadcast information.