What Is the Best Way To Track Stolen Gadgets? 101
An anonymous reader writes "Now that gadgets can determine their location and phone home, many companies are creating tools for finding lost and stolen gadgets. It sounds like a simple process, but this NY Times article describes a number of wildly different approaches. Some report all of the information back to the owner while others deliberately keep the owner in the dark to avoid dangerous confrontations. Some start grabbing pictures from the web cameras and logging keystrokes. Others just record IP addresses. Some don't do anything but record serial numbers to make it easier for the police to do their job. Are sophisticated systems dangerous because the tracking mechanisms could be misused to violate the privacy of the owner? Are the stakes different when a company purchases the software and gives the IT manager the ability to track everyone in the company? What are the best practices that are emerging? What should I recommend if my boss reads this article and wants to track our laptops and Blackberries?"
Re:making thievery more risky - good! (Score:5, Informative)
In addition to Undercover [orbicule.com] on my Mac, I've made some home rolled solutions.
1) Installed AutoSSH and set it up ssh back to a Virtual Machine (sandboxed) on my home server. Also helps if I leave my machine on somewhere safe but forget (or aren't able) to forward ports. It has a reverse port forward to the ssh server on my Mac. Meaning anytime I can get to my home server and so can my Mac, I can get to my Mac.
autossh -M 9005 -D 1080 -R 2222:127.0.0.1:22 www.example.org
2) Another LaunchD (cron) process that curls a simple URL through the ssh socks proxy (ssh -D) that is a simple 1 or 0. (1 Stolen, 0 Not-Stolen). If it sees that it is stolen it'll just start taking pictures with the iSight (iSightCapture) and the desktop (screencapture) and uploading them to my host through scp. Literally in a while loop so as soon as it gets one photo, it gets another, and another, and another, etc...
3) I have logKext, a password keylogger, installed. Every hour (keyLog-00h.log) and then once per day (keyLog-20090824.log) it uploads a copy of the encrypted log to my host. If anyone steals my laptop and uses it to type anything personal (e-mail, passwords, phone numbers) I'll immediately get
Most thieves aren't what you see in Oceans 11 after all your money, they're low income thieves. When someone broke into my car and stole my wallet, both credit cards were immediately used at 2 Walmarts 10 minutes in either direction for $300-$500 repeatedly until I called to cancel. They're not going to wipe the drive, do an EFI wipe to ensure there are no 'bios' keyloggers.
I wouldn't be surprised if the first thing a thief around here did was check his or her facebook and myspace page and then send an e-mail to his or her friends using a hotmail account.
Is your data imortant? (Score:2, Informative)
You can choose to wipe the entire system remotely if you are using the right software and yes, we all know the best approach is to encrypt the data in the first place.
You can choose to use tools to recover it if the laptop doesn't get immediately formatted by the thief. Webcam screenshot capture, video capture, desktop snapshot collection, browser history collection, audio to mp3 recording, key loggers etc can all be done silently in the background and their data can be sent up to a central server so long as the system connects to the internet (Windows or OS X, I've pieced the scripts together for most of these). Personal data can be remotely browsed and returned as well.
On my personal experience with this....Over the years a number of our customers have used our software have tracked down and recovered stolen laptops and in turn allowed the police to recover other stolen items. Currently we've got someone who is hopefully going to get a warrant to recover a laptop among other things that were simultaneously stolen (TV, WWII memorabilia including firearms) thanks to the overwhelming evidence he is able to present to the police. Another recent case I worked on was with a gentleman in Australia who recovered a stolen laptop and in turn helped the police apprehend two other suspects and recover 50+ items. Story is here: http://www.crn.com.au/News/153253,kaseya-tracks-down-stolen-laptop-in-melbourne.aspx [crn.com.au] (I am the 'tech guy' mentioned...)
Re:The termitethingie (Score:3, Informative)
Re:The termitethingie (Score:3, Informative)
The story is over 10 years old, and I could not find any follow-up that indicated prosecution (yes I can read Italian). Anyway, as far as I know, one is not required to make his car a safe place for thieves; as long as detention of those knives was not illegal, the guy should not have had any trouble. You cannot be held responsible if someone breaks into your property and gets hurt; if you had invited him in, then that would be something.
Also, this man could simply have shut up: a car thief would probably never have reported the incident (ridiculous lawsuits are uncommon it Italy. No we don't have a sane system, it's insane in other ways). This looks like a tall story someone made up to scare off thieves.
GadgetTrak - Privacy Safe Tracking (Score:3, Informative)
Hello,
My name is Ken Westin, I am the founder of GadgetTrak ( www.gadgettrak.com ) one of the companies mentioned in the article and we provide tracking software for a range of devices including Mac, Windows, Blackberry, Windows Mobile and others. The privacy component was a critical factor in our design, looking at other solutions we saw that a lot of data including location, photos etc were being sent to the companies server, some even provide a monitoring center with a backdoor into the system. When we designed our software we did so in a way that would respect user privacy.
For example with our laptop software MacTrak and PC-Trak the only data we have is if the device tracking is active or not, the location and photos captured goes to the device owner's email address as well as Flickr account, so it goes to accounts that the owner controls and never to us. When a device is stolen we ask the customer to friend us on Flickr and share the photo and data, or they can just forward it to us. There is no reason to have this type of data come to our servers if we can avoid it. In the future we may have an option for the user to CHOOSE to upload this data to a server, but we will always provide the device owner with the control of how this data is managed.
You can read more about our philosophy here:
http://www.gadgettrak.com/products/mac/privacy/ [gadgettrak.com]
Our mobile phone software also has the capability to remotely wipe data from the device as well as track it. The mobile phone software is triggered by SMS messages. The software has a password with it as well, so if the device is stolen the user sends and SMS message with a command and the software password to activate various functions including tracking, data wipe, trigger an alarm, lock device and others. Again this data does not go through a server, it is done between the device owner and the device itself.
We also pioneered the USB software for iPods, flash drives and other devices that was mentioned in the store and have a patent for it, all data is encrypted and transmitted securely.
We come from a security background and are extremely paranoid about privacy ourselves, this is why we made sure that no photo or location data ever touches our servers. The best way to ensure privacy of this type of information is to build the software so there is no way it can transmit it to you, remove the man in the middle altogether. We also believe that this data should be provided to you, after all it is your device you should be given the data and be able to decide what to do with it. We assist in the recovery process and work with law enforcement, however the data goes to you first. It is very much backwards from the traditional approach where the data is sent to a monitoring center where they have a back door into your system and they only share that data with law enforcement, some will refuse to provide you with this data even though it is your device.
Let me know if you have any questions, or suggestions.
Thank you
Ken Westin
GadgetTrak Founder