Cop Invents Device That Sniffs MAC Addresses To Locate Stolen Devices
from the just-the-MACs,-ma'am dept
Law enforcement continues to look for a tech edge. (Whether it actually needs it as badly as it claims it does is still open to debate…) Techdirt reader Brig C. McCoy sends in news that an Iowa law enforcement officer is putting together yet another piece of in-car equipment — one that will sniff MAC addresses to locate stolen electronics. (via Slashdot)
Next month, an Iowa City police officer will introduce technology at the International Association of Chiefs of Police Conference in Chicago that could help law enforcement recover Wi-Fi-capable devices.
[…]
Law enforcement officers using L8NT would plug the USB device into their in-car laptops. The device would scan MAC addresses, looking for matches to known stolen items. The device has a range of about 300 feet and can be attached to a directional antenna to allow police to determine where the signal is coming from and obtain a warrant.
Weirdly, the thing that it could do best (caveats forthcoming) isn’t the thing Officer David Schwindt wants it to be used for. Sure, recovering the occasional stolen cellphone or tablet is cool. But you know what’s really cool? Whatever the hell it is that Schwindt thinks it could be used for, but would rather not discuss in detail.
“I foresee law enforcement using L8NT software to solve higher-level crimes,” said Schwindt, a 14-year veteran of the department.
“If your cellphone is stolen from a bar … that’s not necessarily what L8NT is intended for. But, if your home is burglarized and your cellphone is stolen, now, as a police chief, I’m interested” in that technology.
Even though it could be used passively to run MAC addresses against a hot sheet, it probably won’t be. Instead, it will take a criminal act of more severity before officers will even think about plugging the device in. Or it could just be used to perform an “audit” of any home’s electronic devices… because child porn is a problem.
Schwindt said the idea for the product came to him after taking a Small Office/Home Office investigations class. The class discussed child porn investigations and doing a “wireless audit” of a suspect’s residence to look for devices that would hold evidence and illegal material. The class taught investigators to scan for MAC addresses.
Schwint does point out that his invention won’t be able to pick up any additional information sent from devices. It will only acquire the MAC address. (I imagine future law enforcement clients will soon be making efforts to take the governor off the data hauler…) Locating stolen devices via L8NT “wardriving” could lead to the recovery of more stolen electronics. Or it may prove mostly useless.
As is pointed out at Slashdot, MAC addresses can be easily spoofed. Once criminals know devices like this are in use, they could make more proactive efforts to alter addresses on purloined devices. The other issue is that a MAC address isn’t really like a fingerprint: it isn’t necessarily unique.
Manufacturers re-use MAC Addresses and they ship cards with duplicate addresses to different parts of the United States or the world so that there is only a very small chance two computers with network cards with the same MAC Address will end up on the same network.
Now, the odds are small that police will run into conflicting, duplicate addresses, but this fact makes it impossible to guarantee that tracking down a MAC address actually means tracking down a stolen device. For that reason alone, L8NT’s architecture may be changed to grab more identifying info… which will lead to more questions about the constitutionality of the device, which will act like a low-level search of a home’s electronics. Its impact will also be blunted by the information it seeks, considering not every device is assigned a MAC address and addresses are unobtainable unless they’re turned on and connected to a Wi-Fi network.
I wouldn’t necessarily bash this officer’s idea, as it does achieve certain law enforcement goals without having to carve another slice out of the Fourth Amendment. But I’m hardly convinced this will remain a low-level surveillance device subject to built-in limitations. The best evidence for this is the officer’s statements themselves. It’s an electronics-sniffing device conceived during a discussion of child porn investigations and which has triggered happy visions of high-profile busts in its inventor’s head. Nothing about that combination bodes well for the built-in limitations surviving future iterations of L8NT. Add in the fact that a MAC address isn’t a perfect identifier and you’ve got a recipe for trouble.
Filed Under: iowa city police, law enforcement, mac address, stolen devices, surveillance
Comments on “Cop Invents Device That Sniffs MAC Addresses To Locate Stolen Devices”
Until...
We can use that to further track our mindless peasants… can’t let the cattle wander too far and wide now can we? Well yes we can, we will just keep tracking them!
Sorry, we all know how this one goes, it will be abused… guaranteed!!!
Funniest. Line. Ever.
Re: Re:
break the law in order to …..i want to say, follow the law, but
What’s the betting this will be used in an attempt to track mobile phones without having to go to the carrier?.
Re: Re:
Well, it would obviate the necessity of breaking out the increasingly risky (from a legal standpoint) Stingray’s where they have to drop cases when the Stingray’s usage is exposed. Seems like the same thing will happen with this.
Re: Re: Re:
The devil is in the details, but a Stingray seems more active than this device. A Stingray forces devices to connect to it. Collecting MAC addresses only listens to what your phone is screaming out at all times.
How many know their MAC
Just curious how Deputy Dawg knows that a certain MAC address is a stolen item? It’s not like he person reporting the missing device is going to know what their MAC address is/was, let alone report that to the police. And if they did, what are the odds that data makes it to a cop that has a clue about MAC addresses??
Whole thing sounds like a smoke and mirrors to me.
Re: How many know their MAC
Yeah, that’s what I was wondering. Heck, I’m a professional techie, and if my phone got stolen even I would have no idea what its MAC address is. How’s Joe Random Citizen supposed to be able to provide that info to police?
Re: Re: How many know their MAC
I know the MAC address of ALL devices on my network. I use IP ranges for different types of devices so I can easily determine what they are when I review my logs for suspicious activity. To do this I need to use DHCP to “Reserve” IP Addresses on my network. I need the MAC address to do that. If one of my devices gets stolen, I just go to the DHCP table on my router to look up the MAC address.
Re: Re: Re: How many know their MAC
Well then, I suggest you get a restraining order against Officer David Schwindt. Apparently, he’s gone through an unsettling amount of effort to design a system that will help you, and you alone. I’d be putting any pet bunnies in protective custody ASAP.
Re: Re: Re: How many know their MAC
Which implies that if you dont know how to do this yourself, more then likely these law abiding governments will ask to access your private devices(i define any device in your possesion as a private device)……….take away the fact these people having unrestricted physical access with the morality of peanuts, who feel the entitlement of no boundaries, concerned for those not so technically savvy, who automatically say yes to authority accessing their devices, not knowing just whats capable these days(pressies left behind:edit:pressies that are designed to leave payloads on any device that connects to it, if they have the abillity to make a router a victim, a for instance)………remember, you dont have to be a criminal these days, you dont need a warrent these days, apparently all these folks need to do anything is their entitlement to do anything…..then times that to the morality trait of the person………to them, their no sense of boundaries, its quite clear with their consistant reactions to public outcry, they feel entitled to their behaviour, which is, we can do what we want without consent
their seems to be allot of folks working in our respective governments who really shouldnt be working in our respective governments
A big job thats daunting to do in its immensity
I hope for the day, the day that goes down in history as the Mass Firing Of Global Government Employess 2016…….followed by the hollywood movie 6 months later with the word “reboot” in the title, in the ironic sense………followed by the Mass Firing Of Global Media Employess 2017………..followed by an internet film 6 months later with the exact title “Hollywood!Media!Ironic, huh!?”…..
Pretty sure thats how its gonna go down exactly, play by play book…..no doubts…… if im lying im dieing
Re: Re: Re: How many know their MAC
I don’t know the MAC addresses of my wireless devices, because they are all randomized and change with every connection.
I track which is which through certs.
Re: How many know their MAC
Some people use a MAC-based access list for their home router, so they could pull it from their router’s configuration. It might also be printed somewhere, like a sticker on the box the device came in (I’ve seen products sold with such stickers).
MAC addresses probably aren’t too hard to guess though. Spoofing a few thousand source MACs from Apple’s block might be enough to annoy the police with false positives.
Re: How many know their MAC
“how Deputy Dawg knows that a certain MAC address is a stolen item”
If it’s a stolen cellphone that has been reported to the police (and he mentions “if your home is burglarized and your cellphone is stolen”) then from your phone service provider, presumably. And if you’re the owner, it might be on your online account info or the provider could tell you and so it might be possible for the person to give the MAC address to the police. Otherwise they’d have to obtain it from the service provider (presumably with consent).
Re: How many know their MAC
Devices from our office were stolen a couple of years ago and the MAC addresses were given to the police.
Nothing has ever been recovered. Little hope now.
Re: Re: How many know their MAC
Don’t give up hope! Just think about it – you answer a call to the office, “We have that stolen Commodore 64 you reported 20 years ago.” You might even get an extra bonus from the boss!
Re: Re: Re: How many know their MAC
Can it run crisis?
Re: Re: Re: How many know their MAC
Commodore 64 with a MAC address, I’ve head of such things but thought it was only legend like unicorns.
Re: Re: Re:2 How many know their MAC
Computers don’t have MAC addresses, communications adapters do. That said, I once built an ethernet adapter for my C64 (I’m a weird hobbyist), so it had a MAC address!
Re: How many know their MAC
Mac’s are recorded on home wifi equipment and easily pulled by typing 192.168.0.1 or 192.169.1.1 into a web browser (for 99% of the routers out there anyway). Educate yourself before sounding like the tech ignorant troll you obviously are.
Conflicted
On one hand I can see the value something like this could have in weeding out suspects. On the other I can see how future iterations of this could be used in manner similar to stingrays.
I’ve had the idea for one of these “wi-fi stingrays” for a while. If anyone wants to avoid this, I reccomend disabling all radios (cell, wifi, bluetooth, etc) when you go out in public.
Re: Re:
I would love to have a manual all radio’s on/off switch on my phone.
Re: Re: Re:
That would be ideal. The best compromise I’ve come up with is configuring Cyanogenmod profiles (https://wiki.cyanogenmod.org/w/EndUser.Profiles) to disable/enable all radios at once. If you don’t have Cyanogenmod, there may be similar functionality available in an app but I haven’t checked.
Re: Re: Re: Re:
A Faraday bag.
Re: Re: Re:2 Re:
A Russian Mafioso’s wife’s baby carriage.
Re: Re: Re:
Doesn’t “Airplane Mode” accomlish this?
Re: Re: Re: Re:
That’s what I was thinking.
Re: Re: Re: Re:
Yes
Re: Re: Re:
Thats funny, pretty sure i know folks who have a vested interest in the public not having that capability, you know, that common sense thing that should have been their in the first place
Check out project ara, modular phone with interchangeable modules, closest thing ive found to such an ability, depending on whats packed into the exoskeleton
hmm, whatever could they be used for…
http://www.theblaze.com/stories/2013/11/12/seattle-installs-homeland-security-funded-white-box-mesh-network-capable-of-tracking-cellphones/
Don’t iPhone’s already randomize MAC addresses on boot?
Re: Re:
Apparently not.
https://www.washingtonpost.com/news/the-switch/wp/2014/09/25/apples-new-feature-to-curb-phone-tracking-wont-work-if-youre-actually-using-your-phone/
April 1st is a bit late, isn’t it?
Re: Re:
Career Cop decides to declare september 16th fools day, because terrorists
Re: Re: Re:
Damn, its september 17th, i missed it
The device has a range of about 300 feet and can be attached to a directional antenna to allow police to determine where the signal is coming from and obtain a warrant.
If that signal happens to originate within a person’s residence then any warrants or evidence collected based on the usage of this device would be fruit of the poisonous tree, in my opinion.
The majority opinion in Kyllo v. United States, 533 U.S. 27 (2001) didn’t allow the use of a device to detect heat levels emitting from a house where marijuana was being grown, so why would radio signals emitting from a private residence be any different?
Kyllo v. United States, 533 U.S. 27 (2001)
Re: Re:
Oops. Sorry about that last line. Forgot to clean up my cut and paste.
Just Spoof it, I can see the future of this device and the privacy outlook isn’t good.
http://www.bbc.com/news/technology-23665490
http://qz.com/112873/this-recycling-bin-is-following-you/
Which is why the iOS9’s MAC address randomization feature is so important for privacy. I wish Android did the same thing.
Re: Re:
Important, but not done as well as it could be. Last I heard, they use the random MAC for probing and switch to the assigned one when actually connecting. So, MACs can be sniffed if you’re actually connected to something (even with encryption). They (and Android) should default to always-random addresses, with an option to switch for MAC-filtered networks etc.
Re: Re:
Windows 10 can be set to randomize the MAC if hardware will support it.
Hack 5 is a great youtube channel...
Listen to this episode (starting at about 6 minutes in)….
https://hak5.org/episodes/hak5-1703
MAC addresses may not be unique
But you can count on the cops to forget that whenever it gets in the way of intruding somewhere they aren’t welcome.
Re: MAC addresses may not be unique
Exactly! This will just be another excuse they will use to search your vehicle, etc. They’ll claim a stolen device was detected even if it wasnt.
MAC sniffer
I hope this man knows that a legal warrant must be obtained before he can do anything.
A MAC address does not contain IP data, nor headers or an legally required information in order to obtain a warrant.
The ‘tool’ will be misused/abused.
Suspicion is not good enough to obtain a warrant, nobdy saw anything, no witness, no real evidence exists, so a warrant would not be issued.
The target might be able to sue based on the fact his computer might have been compromised by an illegal search.
There is no immunity to any criminal act, no matter who you are.
I hope the software is carefully written so that it does not inadvertently capture unencrypted data there was a little tech company out of Mountain View California that got into trouble sniffing for mac addresses to improve the accuracy of their maps and “over collecting data”. Caused a big stir and got congresscritters all in a huff I think their name is Giggle or Google or something like that….
Re: Re:
Cop invents device... that the private sector has been using for years
The only novelty is that the device is mobile, otherwise it’s just like any other retail surveillance product.
i.e. http://www.libelium.com/products/meshlium/smartphone-detection/
Well, they need something, and that is mostly smarter and more ethical people, and an agenda to pursue actual crime. There really doesn’t seem to be much improvement the last 10-15 years in tackling real IT-orientated crimes. They just keep buying into certain sorts of IT to continue with their overall surveillance mindset and pursue mostly petty crime that they like to build up into some major deal by tacking on endless charges from poorly written laws.
If the police (or other LEOs and national security apparatus) were as good as they say they are, and as smart and tech-savvy as they claim, with all their fun little toys, they would be taking down a lot more criminal organizations which sell and lease malware, botnets, etc., used to do things like commit identity fraud. But no, they are more interested in teenage sexting or whatever, and just general invasiveness.
ummm
http://lifehacker.com/randomize-your-computers-mac-address-with-this-script-1588874922IP0hksmoj0Mg&sig2=U3E_EfgN7RbNKMv4Ra-eVg&bvm=bv.102829193,d.cWw
now it dont take a genious how ot mod this to movile phones etc.
People are supposed to be free to receive and interpret any electromagnetic waves that cross their property, or in public spaces. Cops are people. So, they should be free to receive and interpret to any electromagnetic waves to further law enforcement, and in fact they would be foolish and incompetent not to. If your radio waves are saying “I’m a criminal” that’s no different than posting a sign outside your house saying the same thing. If you don’t want that, don’t emit electromagnetic waves.
Re: Re:
Is this supposed to be satire?
If you do not like police corruption do not use anything that would enable them to keep being a dirty cop.
I just read
and a shiver went down my spine with memories of Stuxnet’s distribution mechanism.
I just see this as another variation of LPR’s; they’ll track all the MAC addresses along with their locations and keep them around for searching at their leisure (for some unspecified period of time) with no oversight.
Amateurs!
MAC address can, and are, spoofed regularly. FWIW, iStuff regularly changes the MAC address so they cannot be traced. So, this id10t will be chasing his tail… He’ll be tracking down some poor sucker who hasn’t done anything wrong!
Re: Amateurs!
They’ll find something wrong for him to have done.
So... they have wifi and computers with mac addies so therefore they're suspect?
Here’s the story as I see it going down:
High-ranking official owns a beermaking business, but try as he might, his brews are not as good as those made by the local brewmeister. The locals buy Brewmeister beer, not HRO beer.
HRO needs Brewmeister out of the picture, and tells the commissioner to dispose of him. Brewmeister is a bit of a lush but otherwise relatively clean. However, an L8NT scan of Brewmeisters home reveals eleven mac addresses, some of which are probably phones and computers that might include child porn or other illegal content.
So they SWAT his house on probable cause, wipe out his family, take him in, beat a confession out of him and have the local DA plea bargain with him to six years in prison.
Meanwhile HRO repeats the process for all of the key officials in Brewmeister’s brewery until it can be bought for a song and put under HRO management.
The locals now buy HRO beer.
considering how just today we have a story about police trying to ruin the life of a young man simply because he refused to admit to something he did not do.
Why on earth would I expect police not to abuse this technology to spite other people that refuse to lick their boots
Writing software for a power equipment distributer a decade or so ago, I offered to add a stolen item tracking database. The serial numbers of mowers and other equipment sent to the dealers was already being tracked. They were tracked again from warranty cards came back from the end users. And again when warranty repair claims were sent back from the dealers. I’d simply add a database of items reported stolen, and watch for them being brought in for repair.
The idea was quickly dropped. Many common mower and engine models would have the same serial number for all of that model made on a given day.
Worse, the way it was distributed meant that a day’s run would go to the same distributor, and part of that would go to the same dealer. The same small town could easily end up with a bunch of mowers with the same serial number.
I’ve always wondered how many people were wrongly convicted because of that.
how to change your MAC address
In Linux anyway (copy code, paste in file called mac.sh and save, open terminal and type chmod +x mac.sh and then type ./mac.sh):
#!/bin/bash -x
MAC=00:`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 200 | md5sum | sed -r ‘s/^(.{10}).*$/1/;
s/([0-9a-f]{2})/1:/g; s/:$//;’`;
sudo ifconfig wlan0 down
sudo ifconfig wlan0 hw ether $MAC
sudo ifconfig wlan0 up
sudo service network-manager restart
Re: how to change your MAC address
Do you know to make it randomize automatically? On startup at least, but preferably every time you connect to a network or scan for wifi networks.
A MAC is supposed to be unique in all the universe. At least that’s the idea. But manufacturers can do what they want. They are trivial to spoof and most routers still give you a “clone MAC address” feature where you can type in whatever you want. And unlike a spoofed IP address, it’s much harder to spot a spoofed MAC address.
The odds of a random collision are ridiculous, but people are tricksy, so we are going to see more tomfoolery with scraping, spoofing, etc.
So, I wouldn’t be too concerned with the police scraping all my devices and confusing me with a serial murderer because of an address collision, just because of the odds.
But I could totally see someone getting “SWATTED” with spoofed devices or the police using some sort of stingray device (drone?) to sniff everyone’s MACs. That sounds dirty. Certainly this was ripe for privacy abuse and hackers. “Security through obscurity.”
Right now I would be worried more about someone with a 20 dollar SDR dongle hooked to a tablet, driving around your neighborhood sniffing your garage door openers, keyless entry systems and vehicle key fobs. Your bluetooth headphones, not so much.
Anthoer thing to add to their databases indefinatly
The funny thing is
There is no need to have a special device to do this. Anybody with a smartphone (at least an Android one, but I assume iPhones as well) can start sniffing MAC addresses in a matter of minutes.
The only “value add” the cop could be providing is to run a database of such addresses, but considering that MAC addresses are not guaranteed to be unique and are easily changeable by the user, the value of such a database is very low.
You could quite literally remove the word “stolen” from the title…
They can be changed
Mac addresses are know as hardware addresses. These hardware addresses can be changed, often at will — if you only know what to do. Doesn’t mean someone that stole a device knows what to do. Also, just having an electronic device doesn’t mean that it is connected to the web, or available via wifi of some sort. So limited use that can become ineffective if people know how to change the mac address.
Also, if it is available via wifi instead of 3g/4g, etc., then accessing the mac address over wifi would be a violation of the law without a specific warrant allowing the police to scan the devices in a given residence/business.
It's Not Worth Stealing.
As someone observed some years ago, burglary is a dying art. What with Moore’s Law, and manufacturing in China, so little stuff is still worth stealing. Things like tablet computers are a temporary and local exception.
I live in an apartment complex which is mostly student housing. Students, being young, are not bound by our obsolete notions of economic value. It is really rather amazing what goes into the dumpsters at term-end. The dumpsters overflow under extreme strain, so the debris is not actually in them, but on top and beside them, and it is easy to see what is being thrown out, without going to the extreme of dumpster-delving (some locals do come around to delve). There are small appliances of course, but also large quantities of clothing, books, household linens, furniture, and even items such as computers, and (in what I can only regard as satirical commentary) a set of golf clubs. The students have an accurate idea of what it costs to carry something as checked baggage on an airplane, the minimum charges of house movers, and the time-cost of running a yard sale. But they don’t have the kind of puritan compulsions which make me ashamed and angry when I have to throw something out because the Salvation Army flat-out doesn’t want it. That’s your bottom-level truth– in a more perfect cybernetic economy, durable goods become worth almost nothing.
Food is worth something, because it doesn’t stay bought. However food generally has little or no resale value.
The most recent New York Police Department abuse scandal (the James Blake case) involves a bungled investigation for credit card fraud in respect of a neetzie-cuckoo internet company which delivers durable goods (in this case, cellphones) to customers at street-corner locations. In the first place, the obvious remedy for the credit card companies is to harden their systems (eg. Chip & Pin). As for the goods themselves, and their mode of delivery, there is an old saying, “comfortable as an old shoe.” New shoes tend to involve blisters. That can be viewed as a metaphor for consumer durable goods. The enterprise of trying to deliver durable consumer goods to people so instantly that the goods cannot be delivered to their registered addresses is doomed to failure. One does not, after all, want to change into new clothes on the public street. Much the same applies to electronics, which are useless without personal data. The more expensive an electronic device is, the more complicated it is, and the more difficult to learn to use. The case would probably not have arisen if the internet business had restricted itself to delivering things to hotel guiests, either in their rooms, or via the hotel desk clerk. The natural point of delivery for stuff is to wherever the customer keeps his stuff. A company with a business model of delivering durable goods on street corners is bound to find itself drifting into conspiracy with credit-card fraudsters. I think the deliveryman was doing his best to turn State’s Evidence, and therefore pointed to whoever he could see.
My experience in West Virginia is that a minimum economic order for delivered pizza is about thirty dollars. When I’m feeling sick enough that I don’t want to go out, or I’m treed by winter snowfalls, I order one pizza item, and a bunch of salads, which can sit in the refrigerator for a few days. I presume prices in New York are rather higher. There seems to be a real question whether a basic “burner” cellphone, the sort of thing one might need for emergency communications, would be economically deliverable under a “pizza delivery” regime. Consulting Google, the price of a basic Tracfone seems to be about ten dollars, then once you’ve got it, you can use your credit card to load it up with minutes. It is not really plausible that an emergency replacement of a cellphone would be a big enough deal to be worth a courier’s while.
Over the last ten years or so, the single biggest set of hassles I have had about money have involved health insurance. If you make “worst-case” sets of assumptions about your health, you can easily be talking two or three hundred thousand dollars a year. To get the insurance premium down to a more reasonable level tends to involve “stress and strain.” When I was younger, I had university tuition issues. The tuition rate was not negotiable, but the number of hours of enrollment was, and likewise the meeting of specific requirements. The name of the game was to convince one’s professor to allow one to enroll for one credit-hour, reading books instead of attending classes. Money worries are associated with things which, in many countries, are government benefits.
The whole economy is swinging away from a street cop’s dimensions.
The future of crime is probably “crimes against the person.” I don’t know if you have ever heard of the case of Erica Pratt, the little girl in Southwest Philadelphia who, back in 2002, was kidnapped on the strength of a (probably false) rumor that her family had come into an insurance settlement. This was an ordinary little slum girl, whose runaway father and uncles were apparently street-corner men, involved in the usual range of illicit dealing. However she’s a good girl, in spite of everything. One of her male relatives got killed in the course of business, and rumors flew around the neighborhood about a life-insurance settlement. So some men kidnapped Erica and demanded ransom. This was not particularly realistic, because as anyone who has ever dealt with insurance companies knows, they work in mysterious ways (“like God, only not half so generous,” as someone put it). Being entitled to an insurance settlement is by no means the same thing as having available cash. The girl managed to escape, and of course the kidnappers were caught, as one might expect of such stupid men, and given good, solid thirty-and-forty-year prison sentences.
https://en.wikipedia.org/wiki/Erica_Pratt
Incidentally, re MAC addresses: they are 48 bits (256 trillion addresses), so the likelihood of collisions, in an area of a couple of hundred yards, with, say a thousand phones, is on the order of a hundred billion to one.