What Is the Best Way To Track Stolen Gadgets?

An anonymous reader writes "Now that gadgets can determine their location and phone home, many companies are creating tools for finding lost and stolen gadgets. It sounds like a simple process, but this NY Times article describes a number of wildly different approaches. Some report all of the information back to the owner while others deliberately keep the owner in the dark to avoid dangerous confrontations. Some start grabbing pictures from the web cameras and logging keystrokes. Others just record IP addresses. Some don't do anything but record serial numbers to make it easier for the police to do their job. Are sophisticated systems dangerous because the tracking mechanisms could be misused to violate the privacy of the owner? Are the stakes different when a company purchases the software and gives the IT manager the ability to track everyone in the company? What are the best practices that are emerging? What should I recommend if my boss reads this article and wants to track our laptops and Blackberries?"

Re:The termitethingie

[Krneki]

Build it in... When for x time no 'special' password is given the termite gets an ignitionsource. It should be quite easy after that to spot the thief. Whoever smells like bacon most is the one you're after :)

In Italy a person got his car stereo stolen twice in 1 week, the 3rd time he mounted some sharp knifes as a defensive mechanism. Two days later he found 4 fingers in his car. The police was not happy. I'm not sure how the story ended in a court.

Secure vs trackable

[RiotingPacifist]

Short of a hardware based tracker, all the software methods seam to give up any hope of securing a system.
*To get a picture on a webcam you need to let the thief login,
*To connect to an encrypted AP you need to let the thief login,
*To get the gadget turned on for sustained amounts of time you need to let the thief login...

There are some potential exceptions,
*you could have bios periodically turn on, boot to a custom kernel,scan for APs and report its position (could use something like wesside-ng to report its location even if only WEP APs are available),
*you could have fake passwords (idiot words?) log you into a fake login/partition, but 1) this raises huge security issues 2) AFAIK this has not been implemented by any OS yet.

Don't bother

[SlamMan]

You don't - you have remote disable/nuke options. Once something is stolen, the odds of you getting it back at pretty small, since regardless of whatever tech means you have of identifying the owner, you still need to have someone go get it from the thief. Better option is to disable the device remotely (Blackberries have a nice set of tools for this). Once its gone, its gone, but this way they don't have your data or a working device.

Re:Secure vs trackable

[Hatta]

*you could have fake passwords (idiot words?) log you into a fake login/partition, but 1) this raises huge security issues 2) AFAIK this has not been implemented by any OS yet.

Not a problem. Dual boot windows and linux. Set grub to default to boot windows and hide the menu. Encrypt your entire linux partition. Problem solved. No security issues, and no OS support needed. You should have a dummy partition set up anyway, if you ever want to cross the border with your laptop.

Re:Secure vs trackable

[Anonymous Coward]

I use Orbicule's Undercover. Most laptop thieves are greedier than they are smart. I leave a guest account on my MacBook Pro, with no password. If they log into it, they can play with the system and log it into the network themselves.

Getting a thief to log in is simple. They are going to want to see that the thing they just stole works, or prove it to someone when they hawk/sell it. The guest account on the Mac is a perfect "honeypot" for this type of endeavor.

Your mileage may vary with Windows. Not sure how safe a guest account is. On a Mac it's pretty darned safe.

Re:making thievery more risky - good!

[Anonymous Coward]

I've seen some really nasty stuff people have done with custom ROMS on their cellphones, if a thief yanks out their SIM card and puts in their own. Some of those include:

Setting a password on the thief's SIM card, then doing a bunch of false guesses on it to lock it, then a bunch of attempts against the PUC (unblocking code that the SIM card provider has) to permanently render the SIM card unusable.

Dialing numbers in the thief's SIM card and playing messages at random to the people on the address book day and night.

Sending thousands of SMS and MMS messages out. Yes, the thief might have a nice phone, but they will have a multi thousand dollar bill on their plan too.

Re:The termitethingie

[Mister Whirly]

Not made up. My friend did almost the same thing with double edged razors on the back of his stereo. He had 3 stereos stolen from his car over the course of 2 years and was determined to not let it happen again. He went out one morning to find his car door open wide, and a gratuitous amount of blood all over the interior of his car. His stereo was still there - the thief had started to steal it, then reached around back to pull it out and cut himself badly. The unfortunate thing was that it cost quite a bit to get all the blood cleaned out from his car.

Re:pushing theft into organized crime

[Fred Nurk]

I work for an IT company in Australia & we have recovered 2 laptops in the last 4 months that were stolen, 1 in Australia & the other in New Zealand. Both times the thief used the laptop to check hotmail accounts & face book, We set management software to email us when the laptop comes on line. We can use scripts to silently load a keylogger that uploads the info every 5 minutes to an FTP site or set the webcam to do the same if we need to. The laptop in New Zealand was just a case of connecting a VNC session to the machine & watching the not very bright thief log in to her facebook account. She didn't notice that we were watching her. Report her name & the details of the IP address to the police & they obtained a physical address from the ISP & she was arrested leading to one unhappy thief & one very happy customer. I know that other people who use the software have gone a lot further with logging info from the stolen device & have looked into uploading info from the microphone on the laptop & video streaming from the webcam. Admittedly this only works with dumb thieves as a reimage of the laptop would have wiped the management software but recovery is possible in some cases.

MobileMe

[mr100percent]

I like how Apple lets me track my iPhone (and even laptops to some extent) via MobileMe. The iPhone (or iPod touch) shows up on a google map on the MobileMe website, and updates live with location. /. posted a story about a man who recovered his iPhone (though he acted arguably foolishly by showing up unarmed to collect). Also noteworthy was a woman who used the Back to my Mac feature to login to her stolen laptop, access the webcam and snap and email a photo. OS X Snow Leopard is said to have location services built into the OS, we may see an expansion of the tracking services in a few months