Proposed MAC Sniffing Dongle Intended To Help Recover Stolen Electronics

An anonymous reader writes to say that an Iowa City police officer is developing a new concept to help police find more stolen property. The Gazette has a short report that officer David Schwindt, inspired by a forensics class, is working on L8NT, a specialized wireless dongle to help police officers locate stolen electronics (any of them with wireless capabilities and a MAC address, at least) by scanning for MAC addresses associated with stolen goods. The idea is to have police scan as they drive for these MAC entries, and match them against a database. The article notes a few shortcomings in this concept, but does not point out an even bigger one: MAC addresses are usually mutable, anyhow, in a way that's not as obvious as an obscured serial number, and thieves could refine their business model by automating the change.

Should work fine

Of course you can change a MAC address. However, your average 90 IQ bag snatcher can't do that. As with much policing, this is aimed at the low hanging criminal fruit - which is OK, because I imagine petty crime is the majority of crime.

If some master hacker wants to steal your laptop and hide it, they could - however they could just buy their own seeing as how anyone with the skills likely can just get a decent job that is more rewarding that pinching electronics.

Re:Should work fine

[PolygamousRanchKid+]

Until then, consider this another money pit at taxpayer expense.

Considering you can do all this stuff for free today, with Kismet and/or aircrack-ng stuff, with a cheap USB dongle . . . yes, it is a waste.

Oh, FTF Link:

L8NT's patent pending methodology strips the M.A.C. addresses from packet headers and compares them to the M.A.C. addresses of known stolen devices in its database.

OK, so they want to become a patent troll.

Re:Should work fine

[rhazz]

It won't work for exactly the same reason. Your average laptop owner doesn't know their device's MAC address. Even if they knew how to get it, they probably don't have it written down. The article also indicates they are not after bag-snatching types. This would be more likely to be used if there was a home burglary where a device happened to be taken among other things.

Re:Should work fine

[smartr]

L8NT's patent pending methodology strips the M.A.C. addresses from packet headers and compares them to the M.A.C. addresses of known stolen devices in its database.

OK, so they want to become a patent troll.

It's a cop doing the patenting. I have no doubt he's excited and proud of his "invention". Let's think about this... Not every mom and pop burglary shop has decent IT staff, and they can get caught with said software. In fact, not every mid-sized business has decent IT staff that can make software like this. Furthermore, chances are the cops also don't have IT staff to make stuff (or use existing stuff) and then easily share it with other publicly funded IT staffs. It's almost like there's something of value to be had from dedicated developers and IT services while a large part of the computer illiterate world has yet to catch on.

Re:Should work fine

[Gr8Apes]

Let's take this a step further - Apple added MAC address randomization to ios 8. Android can't be far behind, so what, exactly, is this going to do other than result in more home invasions on known false pretenses?

Re:Should work fine

[TWX]

I predict the chances of him actually getting a patent for this approaches zero.

Never underestimate the power of human stupidity. The patent office has taken the approach that if they issue stupid or bogus patents, the courts will fix it. The courts have taken the attitude that if the patent office issued the patent, it must be good. That's why there have been so many high-profile problems with patent enforcement/infringement for things that are pretty damn obvious; neither entity is willing to assume the responsibility to protect us from predatory BS.

Re:Should work fine

[rtb61]

However mac address assignment is mostly random and only needs to be unique to that ip address and internal network. So you can have multiple devices with the same mac address and based upon the violent way law en-FORCE-ment responds, not really OK to start face planting people to the pavement and jumping on the backs and then kidnapping them and throwing them into a cell after sexually molesting them and then with a whoops tee hee and then letting them go. When arrest and the prosecutorial method become a far worse punishment than say a fine, you need to start rethinking the whole justice process.

How many nerds at conferences

[Ukab+the+Great]

Are going to get in trouble because they discussed dongle-sniffing?

In search of probable cause

[sinij]

Since the use of dogs is getting push-back in courts, this is the new police invention to sidestep probable cause. Especially considering how easy it is to have a discrete device to create on-demand red flag.

Just like plate scanners & phone metadata?

[DutchUncle]

You can only find MAC addresses to check against the "stolen/missing" list if you gather EVERYTHING all the time. So now, just like tracking all of our phone calls and vehicle movements, it's a "safety" idea to track every single wifi device. It sounds so helpful . . . and if only there were some way to add "think of the children!" it would be perfect . . .

Nothing new to see here...

[bobbied]

I've been war driving for years using software that collects, among other interesting things, the MAC addresses of every device it hears. Google got in trouble doing this kind of thing too.

This is NOT new, nor should he get a patent on this....

Just no ...

[gstoddart]

Why is it the idiotic response of law enforcement when confronted with dealing with a small problem always to create a big problem.

So, if the problem is there are a small amount of people who are breaking the law ... we should constantly surveil all people at all times to find that small amount of people.

Yes, there exist people who rob banks. That doesn't mean you stop everybody and fingerprint and interrogate them in case they robbed a bank. If you have no probable cause, you shut the fuck up and don't do that. And yet time and time again law enforcement rushes to enact the totally fucking stupid "let's just stop everybody just in case".

And, in a digital world, since you already have that information for one purpose, then you really should use it for other purposes ... you know, in case we need to protect children, or enforce copyright, or ensure nobody has called the police fucking idiots and fascists.

And when they say bullshit like ""The rest of the packet is ignored," he said. "We have no idea who it is registered to." this will either change over time, or get proven to have never been true.

Give us your fucking papers, comrade.

Honestly, I swear the police are either all fucking morons, or all actively trying to find ways to bypass laws which say "you can't fucking do that assholes".

Re:Just no ...

[Solandri]

I seriously doubt the actual intent here is to help track down stolen electronics. When is the last time the police ever helped anyone recover their stolen electronics?

The real intent is probably to build up a database of MAC addresses and their locations at any given time. So later when they're investigating a homicide, they can cross-reference the database, and say "Ah hah, John Doe's phone was at the scene of the crime at the time the blurry surveillance camera video shows someone killing the clerk at the Kwik-E-Mart." Same thing they try to do with license plate scanners. If all they're looking for is stolen cars, then it just needs to scan and beep when a license plate matches a stolen car. But no, they store the location of every car scanned for months or years so they can retroactively track your movements.

The problem is actual recovery

[spiritplumber]

I've used find-my-phone type things a few times... the police don't care even if you can literally give them the thief's address. Every time it has been up to me and/or friends to enforce property rights, not the police.

Re:The problem is actual recovery

[FranTaylor]

When it happened to me I told the thief's landlord. He retrieved my stuff for me and threw her out in the street.

Mac sniffing dongle

[PopeRatzo]

I met a mac-sniffing dongle once. He finally got his dream job working the Genius Bar.

Re:Most thieves are dumb

For every thief that gets their face shown on a camera, there are a lot more who know enough to wear a hoodie.

Even the meth-head looking to snatch a phone knows enough to stuff the device in a pouch made of tinfoil, wait a few days so the device runs out of battery, then takes it apart and parts it out (or sells it to a fence for a rock, and the fence does that.)
    Same with bike thieves -- they know frames have serial numbers that are recorded, but the latest Shimano shifting set doesn't, and can be tossed on eBay for about 90% new with nobody being the wiser.

I see a few issues with a MAC sniffing device:

1: There isn't a database of stolen MACs as there is with IMEIs.

2: MACs can collide or be reused. There are a lot of machines out there that might have a different MAC because the software is license-locked to that ID, and the Ethernet card got toasted, of the machine was P2V-ed to save space.

3: If it compares MACs, it can be used to log where MACs go, which is another tracking mechanism. Not good.

Because there isn't an infrastructure for logging stolen MACs, nor there should be one, this is a pointless device.

Most thieves are idiots

[linuxwrangler]

Sure, some crooks might change the MAC but in many devices a hard reset will return it to the default. But a typical burglar kicks in your door, ransacks the house, grabs anything they think will make them a quick buck for next fix and runs.

I found my camera on Craigslist a couple days after it was stolen in just such a burglary. The cops called him up to "buy" it back and busted him. When I got my camera back it not only had the original configuration settings including my name as the author and copyright holder but also photos of the thief himself taken at the camera store where he tried to sell it.

Finding the manual and learning how to clear configurations and set MAC addresses is simply not in your average crook's play-book.

Re: Tax dollars hard at work

[John+Jorsett]

Right, that's the exact story the officer, Darren Wilson gave. And indeed, it was corroborated, by his girlfriend who wasn't even there. That's about all we know, because the case was not even allowed to go to trial. These are the kind of fundamental injustices people are upset about.

A forensic examination by the Obama Justice Department, an entity presumably not interested in covering up for a bad cop shooting an innocent black victim, found evidence consistent with Wilson's version of events. You don't have a trial when there's no evidence that a crime occurred.

Warrantless eavesdropping, not stolen goods

[billstewart]

This is another Stingray variant, for acquiring information without warrants, and isn't about stolen goods. It just has a better cover story, and a developer who's not insisting on NDAs to cover illegal mobile phone wiretapping because sucking up publicly broadcast information like SSIDs and MACs isn't explicitly illegal.

Your average 90 IQ police department isn't going to search for stolen iPhones even if the user comes to them and says"My phone got stolen, '$Get-My-Phone-Back-App' says it's located at 766 Valencia St, here's the picture of the user, Facebook says he's Pat Smith, mugshots-online.sf.ca.gov shows a matching picture and his record of petty theft and fencing, and the app shows he's been there for 3 hours, yes, I know that address is the Central Police Station, he's in Room 243. Can you walk upstairs and ask him to give my phone back?"

Your average police department also doesn't have a list of MAC addresses for stolen goods, nor do most theft victims - if my work laptop gets stolen, maybe the IT department has that somewhere, but if my home PC gets stolen, I don't, unless possibly my router's NAT table or my ISP has the MAC cached, but it's pretty unlikely.