Cop Invents Device That Sniffs MAC Addresses To Locate Stolen Devices

from the just-the-MACs,-ma'am dept

Law enforcement continues to look for a tech edge. (Whether it actually needs it as badly as it claims it does is still open to debate…) Techdirt reader Brig C. McCoy sends in news that an Iowa law enforcement officer is putting together yet another piece of in-car equipment — one that will sniff MAC addresses to locate stolen electronics. (via Slashdot)

Next month, an Iowa City police officer will introduce technology at the International Association of Chiefs of Police Conference in Chicago that could help law enforcement recover Wi-Fi-capable devices.


Law enforcement officers using L8NT would plug the USB device into their in-car laptops. The device would scan MAC addresses, looking for matches to known stolen items. The device has a range of about 300 feet and can be attached to a directional antenna to allow police to determine where the signal is coming from and obtain a warrant.

Weirdly, the thing that it could do best (caveats forthcoming) isn’t the thing Officer David Schwindt wants it to be used for. Sure, recovering the occasional stolen cellphone or tablet is cool. But you know what’s really cool? Whatever the hell it is that Schwindt thinks it could be used for, but would rather not discuss in detail.

“I foresee law enforcement using L8NT software to solve higher-level crimes,” said Schwindt, a 14-year veteran of the department.

“If your cellphone is stolen from a bar … that’s not necessarily what L8NT is intended for. But, if your home is burglarized and your cellphone is stolen, now, as a police chief, I’m interested” in that technology.

Even though it could be used passively to run MAC addresses against a hot sheet, it probably won’t be. Instead, it will take a criminal act of more severity before officers will even think about plugging the device in. Or it could just be used to perform an “audit” of any home’s electronic devices… because child porn is a problem.

Schwindt said the idea for the product came to him after taking a Small Office/Home Office investigations class. The class discussed child porn investigations and doing a “wireless audit” of a suspect’s residence to look for devices that would hold evidence and illegal material. The class taught investigators to scan for MAC addresses.

Schwindt does point out that his invention won’t be able to pick up any additional information sent from devices. It will only acquire the MAC address. (I imagine future law enforcement clients will soon be making efforts to take the governor off the data hauler…) Locating stolen devices via L8NT “wardriving” could lead to the recovery of more stolen electronics. Or it may prove mostly useless.

As is pointed out at Slashdot, MAC addresses can be easily spoofed. Once criminals know devices like this are in use, they could make more proactive efforts to alter addresses on purloined devices. The other issue is that a MAC address isn’t really like a fingerprint: it isn’t necessarily unique.

Manufacturers re-use MAC Addresses and they ship cards with duplicate addresses to different parts of the United States or the world so that there is only a very small chance two computers with network cards with the same MAC Address will end up on the same network.

Now, the odds are small that police will run into conflicting, duplicate addresses, but this fact makes it impossible to guarantee that tracking down a MAC address actually means tracking down a stolen device. For that reason alone, L8NT’s architecture may be changed to grab more identifying info… which will lead to more questions about the constitutionality of the device, which will act like a low-level search of a home’s electronics. Its impact will also be blunted by the information it seeks, considering not every device is assigned a MAC address and addresses are unobtainable unless the devices are turned on and connected to a Wi-Fi network.

I wouldn’t necessarily bash this officer’s idea, as it does achieve certain law enforcement goals without having to carve another slice out of the Fourth Amendment. But I’m hardly convinced this will remain a low-level surveillance device subject to built-in limitations. The best evidence for this is the officer’s statements themselves. It’s an electronics-sniffing device conceived during a discussion of child porn investigations and which has triggered happy visions of high-profile busts in its inventor’s head. Nothing about that combination bodes well for the built-in limitations surviving future iterations of L8NT. Add in the fact that a MAC address isn’t a perfect identifier and you’ve got a recipe for trouble.
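As an added illustration (not code from L8NT, Techdirt, or anyone quoted here), the sketch below checks already-captured addresses against a hot sheet and shows why a hit is only a lead: a software-assigned address is marked by the locally administered bit, while a cloned or duplicated vendor-format address cannot be told apart from the original. The hot sheet, the sightings and all function names are constructed for the example.

```python
import re


def normalize_mac(text):
    """Canonicalize aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify(mac, hot_sheet):
    """Return (verdict, item) for one canonical address.

    hot_sheet maps canonical MAC -> description of the reported item.
    """
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:
        # I/G bit set: group (multicast/broadcast) address, not a station.
        return ("group", None)
    if first_octet & 0x02:
        # U/L bit set: assigned by software (OS randomization or a manual
        # override), so it says nothing about which hardware sent it.
        return ("software-assigned", None)
    if mac in hot_sheet:
        # Vendor-format address on the list. Still only a lead: the value
        # can be cloned onto other hardware or reused by a manufacturer.
        return ("lead", hot_sheet[mac])
    return ("no-match", None)


def check_sightings(hot_sheet, sightings):
    """Compare observed addresses with the hot sheet, tolerating notation."""
    wanted = {normalize_mac(m): item for m, item in hot_sheet.items()}
    report = []
    for raw in sightings:
        try:
            mac = normalize_mac(raw)
        except ValueError:
            report.append((raw, "invalid", None))
            continue
        verdict, item = classify(mac, wanted)
        report.append((mac, verdict, item))
    return report


# Constructed sample data; none of these values come from a real case.
HOT_SHEET = {"00-1B-63-AA-BB-CC": "tablet, report #EXAMPLE-1"}
SIGHTINGS = [
    "00:1b:63:aa:bb:cc",  # on the hot sheet
    "001b.63aa.bbcc",     # same address in dotted notation
    "da:a1:19:12:34:56",  # U/L bit set, e.g. a randomized address
    "00:9f:3c:d2:10:77",  # first octet 00: looks vendor-assigned even if it
                          # was set by hand, so this check cannot flag it
    "01:00:5e:00:00:fb",  # group address
    "not-a-mac",
]

if __name__ == "__main__":
    for mac, verdict, item in check_sightings(HOT_SHEET, SIGHTINGS):
        print(f"{mac:<20} {verdict:<18} {item or ''}")
```
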


Comments on “Cop Invents Device That Sniffs MAC Addresses To Locate Stolen Devices”

MO'B (profile) says:

How many know their MAC

Just curious how Deputy Dawg knows that a certain MAC address is a stolen item? It’s not like the person reporting the missing device is going to know what their MAC address is/was, let alone report that to the police. And if they did, what are the odds that data makes it to a cop that has a clue about MAC addresses??
Whole thing sounds like smoke and mirrors to me.

Anonymous Coward says:

Re: Re: How many know their MAC

I know the MAC address of ALL devices on my network. I use IP ranges for different types of devices so I can easily determine what they are when I review my logs for suspicious activity. To do this I need to use DHCP to “Reserve” IP Addresses on my network. I need the MAC address to do that. If one of my devices gets stolen, I just go to the DHCP table on my router to look up the MAC address.

Anonymous Coward says:

Re: Re: Re: How many know their MAC

Which implies that if you don’t know how to do this yourself, more than likely these law abiding governments will ask to access your private devices (I define any device in your possession as a private device)……….take away the fact these people having unrestricted physical access with the morality of peanuts, who feel the entitlement of no boundaries, concerned for those not so technically savvy, who automatically say yes to authority accessing their devices, not knowing just what’s capable these days (pressies left behind: edit: pressies that are designed to leave payloads on any device that connects to it, if they have the ability to make a router a victim, a for instance)………remember, you don’t have to be a criminal these days, you don’t need a warrant these days, apparently all these folks need to do anything is their entitlement to do anything…..then times that to the morality trait of the person………to them, there’s no sense of boundaries, it’s quite clear with their consistent reactions to public outcry, they feel entitled to their behaviour, which is, we can do what we want without consent

There seems to be a lot of folks working in our respective governments who really shouldn’t be working in our respective governments

A big job that’s daunting to do in its immensity

I hope for the day, the day that goes down in history as the Mass Firing Of Global Government Employees 2016…….followed by the Hollywood movie 6 months later with the word “reboot” in the title, in the ironic sense………followed by the Mass Firing Of Global Media Employees 2017………..followed by an internet film 6 months later with the exact title “Hollywood!Media!Ironic, huh!?”…..

Pretty sure that’s how it’s gonna go down exactly, play by play book… doubts…… if I’m lying I’m dying

Anonymous Coward says:

Re: How many know their MAC

Some people use a MAC-based access list for their home router, so they could pull it from their router’s configuration. It might also be printed somewhere, like a sticker on the box the device came in (I’ve seen products sold with such stickers).

MAC addresses probably aren’t too hard to guess though. Spoofing a few thousand source MACs from Apple’s block might be enough to annoy the police with false positives.

Anonymous Coward says:

Re: How many know their MAC

“how Deputy Dawg knows that a certain MAC address is a stolen item”

If it’s a stolen cellphone that has been reported to the police (and he mentions “if your home is burglarized and your cellphone is stolen”) then from your phone service provider, presumably. And if you’re the owner, it might be on your online account info or the provider could tell you and so it might be possible for the person to give the MAC address to the police. Otherwise they’d have to obtain it from the service provider (presumably with consent).

Anonymous Coward says:

Re: Re: Re:

That’s funny, pretty sure I know folks who have a vested interest in the public not having that capability, you know, that common sense thing that should have been there in the first place

Check out Project Ara, modular phone with interchangeable modules, closest thing I’ve found to such an ability, depending on what’s packed into the exoskeleton

Gwiz (profile) says:

The device has a range of about 300 feet and can be attached to a directional antenna to allow police to determine where the signal is coming from and obtain a warrant.

If that signal happens to originate within a person’s residence then any warrants or evidence collected based on the usage of this device would be fruit of the poisonous tree, in my opinion.

The majority opinion in Kyllo v. United States, 533 U.S. 27 (2001) didn’t allow the use of a device to detect heat levels emitting from a house where marijuana was being grown, so why would radio signals emitting from a private residence be any different?

Kyllo v. United States, 533 U.S. 27 (2001)

Anonymous Coward says:

Re: Re:

Which is why the iOS9’s MAC address randomization feature is so important

Important, but not done as well as it could be. Last I heard, they use the random MAC for probing and switch to the assigned one when actually connecting. So, MACs can be sniffed if you’re actually connected to something (even with encryption). They (and Android) should default to always-random addresses, with an option to switch for MAC-filtered networks etc.

Ernest Erickson (profile) says:

MAC sniffer

I hope this man knows that a legal warrant must be obtained before he can do anything.
A MAC address does not contain IP data, nor headers or any legally required information in order to obtain a warrant.
The ‘tool’ will be misused/abused.
Suspicion is not good enough to obtain a warrant, nobody saw anything, no witness, no real evidence exists, so a warrant would not be issued.
The target might be able to sue based on the fact his computer might have been compromised by an illegal search.
There is no immunity to any criminal act, no matter who you are.

Anonymous Coward says:

I hope the software is carefully written so that it does not inadvertently capture unencrypted data. There was a little tech company out of Mountain View, California that got into trouble sniffing for MAC addresses to improve the accuracy of their maps and “over collecting data”. Caused a big stir and got congresscritters all in a huff. I think their name is Giggle or Google or something like that….

orbitalinsertion (profile) says:

Law enforcement continues to look for a tech edge. (Whether it actually needs it as badly as it claims it does is still open to debate…)

Well, they need something, and that is mostly smarter and more ethical people, and an agenda to pursue actual crime. There really doesn’t seem to be much improvement the last 10-15 years in tackling real IT-orientated crimes. They just keep buying into certain sorts of IT to continue with their overall surveillance mindset and pursue mostly petty crime that they like to build up into some major deal by tacking on endless charges from poorly written laws.

If the police (or other LEOs and national security apparatus) were as good as they say they are, and as smart and tech-savvy as they claim, with all their fun little toys, they would be taking down a lot more criminal organizations which sell and lease malware, botnets, etc., used to do things like commit identity fraud. But no, they are more interested in teenage sexting or whatever, and just general invasiveness.

BentFranklin (profile) says:

People are supposed to be free to receive and interpret any electromagnetic waves that cross their property, or in public spaces. Cops are people. So, they should be free to receive and interpret any electromagnetic waves to further law enforcement, and in fact they would be foolish and incompetent not to. If your radio waves are saying “I’m a criminal” that’s no different than posting a sign outside your house saying the same thing. If you don’t want that, don’t emit electromagnetic waves.

Ben (profile) says:

I just read

L8NT would plug the USB device into their in-car laptops

and a shiver went down my spine with memories of Stuxnet’s distribution mechanism.

I just see this as another variation of LPR’s; they’ll track all the MAC addresses along with their locations and keep them around for searching at their leisure (for some unspecified period of time) with no oversight.

Uriel-238 (profile) says:

So... they have wifi and computers with mac addies so therefore they're suspect?

Here’s the story as I see it going down:

High-ranking official owns a beermaking business, but try as he might, his brews are not as good as those made by the local brewmeister. The locals buy Brewmeister beer, not HRO beer.

HRO needs Brewmeister out of the picture, and tells the commissioner to dispose of him. Brewmeister is a bit of a lush but otherwise relatively clean. However, an L8NT scan of Brewmeister’s home reveals eleven MAC addresses, some of which are probably phones and computers that might include child porn or other illegal content.

So they SWAT his house on probable cause, wipe out his family, take him in, beat a confession out of him and have the local DA plea bargain with him to six years in prison.

Meanwhile HRO repeats the process for all of the key officials in Brewmeister’s brewery until it can be bought for a song and put under HRO management.

The locals now buy HRO beer.

Roger Strong (profile) says:

The other issue is that a MAC address isn’t really like a fingerprint: it isn’t necessarily unique.

Writing software for a power equipment distributor a decade or so ago, I offered to add a stolen item tracking database. The serial numbers of mowers and other equipment sent to the dealers were already being tracked. They were tracked again when warranty cards came back from the end users. And again when warranty repair claims were sent back from the dealers. I’d simply add a database of items reported stolen, and watch for them being brought in for repair.

The idea was quickly dropped. Many common mower and engine models would have the same serial number for all of that model made on a given day.

Worse, the way it was distributed meant that a day’s run would go to the same distributor, and part of that would go to the same dealer. The same small town could easily end up with a bunch of mowers with the same serial number.

I’ve always wondered how many people were wrongly convicted because of that.

Anon says:

how to change your MAC address

In Linux anyway (copy code, paste in file called and save, open terminal and type chmod +x and then type ./

#!/bin/bash -x

# Random address: 00: plus the first 10 hex digits of an MD5 over random bytes
MAC=00:`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 200 | md5sum | sed -r 's/^(.{10}).*$/\1/; s/([0-9a-f]{2})/\1:/g; s/:$//;'`;

sudo ifconfig wlan0 down

sudo ifconfig wlan0 hw ether $MAC

sudo ifconfig wlan0 up

sudo service network-manager restart

Mark Wing (user link) says:

A MAC is supposed to be unique in all the universe. At least that’s the idea. But manufacturers can do what they want. They are trivial to spoof and most routers still give you a “clone MAC address” feature where you can type in whatever you want. And unlike a spoofed IP address, it’s much harder to spot a spoofed MAC address.

The odds of a random collision are ridiculous, but people are tricksy, so we are going to see more tomfoolery with scraping, spoofing, etc.

So, I wouldn’t be too concerned with the police scraping all my devices and confusing me with a serial murderer because of an address collision, just because of the odds.

But I could totally see someone getting “SWATTED” with spoofed devices or the police using some sort of stingray device (drone?) to sniff everyone’s MACs. That sounds dirty. Certainly this was ripe for privacy abuse and hackers. “Security through obscurity.”

Right now I would be worried more about someone with a 20 dollar SDR dongle hooked to a tablet, driving around your neighborhood sniffing your garage door openers, keyless entry systems and vehicle key fobs. Your bluetooth headphones, not so much.

John Fenderson (profile) says:

The funny thing is

There is no need to have a special device to do this. Anybody with a smartphone (at least an Android one, but I assume iPhones as well) can start sniffing MAC addresses in a matter of minutes.

The only “value add” the cop could be providing is to run a database of such addresses, but considering that MAC addresses are not guaranteed to be unique and are easily changeable by the user, the value of such a database is very low.

Jimb says:

They can be changed

MAC addresses are known as hardware addresses. These hardware addresses can be changed, often at will — if you only know what to do. Doesn’t mean someone that stole a device knows what to do. Also, just having an electronic device doesn’t mean that it is connected to the web, or available via wifi of some sort. So limited use that can become ineffective if people know how to change the MAC address.

Also, if it is available via wifi instead of 3g/4g, etc., then accessing the mac address over wifi would be a violation of the law without a specific warrant allowing the police to scan the devices in a given residence/business.

Andrew D. Todd (user link) says:

It's Not Worth Stealing.

As someone observed some years ago, burglary is a dying art. What with Moore’s Law, and manufacturing in China, so little stuff is still worth stealing. Things like tablet computers are a temporary and local exception.

I live in an apartment complex which is mostly student housing. Students, being young, are not bound by our obsolete notions of economic value. It is really rather amazing what goes into the dumpsters at term-end. The dumpsters overflow under extreme strain, so the debris is not actually in them, but on top and beside them, and it is easy to see what is being thrown out, without going to the extreme of dumpster-delving (some locals do come around to delve). There are small appliances of course, but also large quantities of clothing, books, household linens, furniture, and even items such as computers, and (in what I can only regard as satirical commentary) a set of golf clubs. The students have an accurate idea of what it costs to carry something as checked baggage on an airplane, the minimum charges of house movers, and the time-cost of running a yard sale. But they don’t have the kind of puritan compulsions which make me ashamed and angry when I have to throw something out because the Salvation Army flat-out doesn’t want it. That’s your bottom-level truth– in a more perfect cybernetic economy, durable goods become worth almost nothing.

Food is worth something, because it doesn’t stay bought. However food generally has little or no resale value.

The most recent New York Police Department abuse scandal (the James Blake case) involves a bungled investigation for credit card fraud in respect of a neetzie-cuckoo internet company which delivers durable goods (in this case, cellphones) to customers at street-corner locations. In the first place, the obvious remedy for the credit card companies is to harden their systems (eg. Chip & Pin). As for the goods themselves, and their mode of delivery, there is an old saying, “comfortable as an old shoe.” New shoes tend to involve blisters. That can be viewed as a metaphor for consumer durable goods. The enterprise of trying to deliver durable consumer goods to people so instantly that the goods cannot be delivered to their registered addresses is doomed to failure. One does not, after all, want to change into new clothes on the public street. Much the same applies to electronics, which are useless without personal data. The more expensive an electronic device is, the more complicated it is, and the more difficult to learn to use. The case would probably not have arisen if the internet business had restricted itself to delivering things to hotel guests, either in their rooms, or via the hotel desk clerk. The natural point of delivery for stuff is to wherever the customer keeps his stuff. A company with a business model of delivering durable goods on street corners is bound to find itself drifting into conspiracy with credit-card fraudsters. I think the deliveryman was doing his best to turn State’s Evidence, and therefore pointed to whoever he could see.

My experience in West Virginia is that a minimum economic order for delivered pizza is about thirty dollars. When I’m feeling sick enough that I don’t want to go out, or I’m treed by winter snowfalls, I order one pizza item, and a bunch of salads, which can sit in the refrigerator for a few days. I presume prices in New York are rather higher. There seems to be a real question whether a basic “burner” cellphone, the sort of thing one might need for emergency communications, would be economically deliverable under a “pizza delivery” regime. Consulting Google, the price of a basic Tracfone seems to be about ten dollars, then once you’ve got it, you can use your credit card to load it up with minutes. It is not really plausible that an emergency replacement of a cellphone would be a big enough deal to be worth a courier’s while.

Over the last ten years or so, the single biggest set of hassles I have had about money have involved health insurance. If you make “worst-case” sets of assumptions about your health, you can easily be talking two or three hundred thousand dollars a year. To get the insurance premium down to a more reasonable level tends to involve “stress and strain.” When I was younger, I had university tuition issues. The tuition rate was not negotiable, but the number of hours of enrollment was, and likewise the meeting of specific requirements. The name of the game was to convince one’s professor to allow one to enroll for one credit-hour, reading books instead of attending classes. Money worries are associated with things which, in many countries, are government benefits.

The whole economy is swinging away from a street cop’s dimensions.

The future of crime is probably “crimes against the person.” I don’t know if you have ever heard of the case of Erica Pratt, the little girl in Southwest Philadelphia who, back in 2002, was kidnapped on the strength of a (probably false) rumor that her family had come into an insurance settlement. This was an ordinary little slum girl, whose runaway father and uncles were apparently street-corner men, involved in the usual range of illicit dealing. However she’s a good girl, in spite of everything. One of her male relatives got killed in the course of business, and rumors flew around the neighborhood about a life-insurance settlement. So some men kidnapped Erica and demanded ransom. This was not particularly realistic, because as anyone who has ever dealt with insurance companies knows, they work in mysterious ways (“like God, only not half so generous,” as someone put it). Being entitled to an insurance settlement is by no means the same thing as having available cash. The girl managed to escape, and of course the kidnappers were caught, as one might expect of such stupid men, and given good, solid thirty-and-forty-year prison sentences.

Incidentally, re MAC addresses: they are 48 bits (256 trillion addresses), so the likelihood of collisions, in an area of a couple of hundred yards, with, say a thousand phones, is on the order of a hundred billion to one.
