L8NT Device Recovery

Changing the way we recover stolen devices

By Elijah Woodward  |   Oct 7, 2015

Ever taken a report for a stolen iPad/iPhone/any electronic device? (If the answer is no, what planet do you live on?!) We all have. And what’s the first thing we ask our victim?

“Do you have a serial number for the device?”

And what does the victim always say?

“Well … no.”

And the sad part is, unless that device gets sold to a pawn shop or somewhere that actually does keep track of the serial number and there is some way for them to report that to law enforcement, the chances of that device ever getting found are really, really slim.

Well, someone is out to change that: Officer David Schwindt of www.L8NTwifi.com

Game Changer

Officer Schwindt is, much like myself, a geek stuck in a police job. Recently he developed something called L8NT (pronounced “Latent”) that I think is going to change the way we do police work.

[Full disclosure: I am in no way associated with Officer Schwindt or his product, and I don’t receive a dime for writing about him or his product. I truly believe this product is going to change the way we do our jobs.]

It all boils down to the fact that every single device that connects to a network has to have something called a Media Access Control Address (MAC Address). No MAC address? No network for you! They look something like this: 00:0D:81:AC:AC:AC.

Exercise Time

To find your own MAC address, hit the start (or Windows) key on your keyboard and type in “cmd” then hit enter. You should pop up a scary little window you might have seen before. Relax, it’s not that scary. This is called the command prompt, command line interface, or weird black box thingy. It looks like this:

 


 

 

 

 

 

 

 

 

 

 

Now you’re going to type a command in to it. Type in “getmac -v” exactly like that and you should get something that looks like this:


 

 
If there are multiple lines, look for the one that’s listed as a wireless device. In this screen the “Physical Address” is the MAC address, and instead of colons it uses hyphens to separate the different characters. Also, this notation is known as “Hexadecimal” because the values range in from 0-9 and A-F for a total of 16 different possible values for each position in the address.

Here’s where it starts to get really cool.

The first three sets of characters are called the organizational ID, or OID. Typing in 00:0D:81 in to Google will tell us that this particular device is made by a company called CisTechn. The last three sets of characters are the Unique ID, and it is the only device this company has ever made that has that ID. Taken together, we have a truly unique ID that only this device possesses in the entire world. Think of it like a network serial number.

Now take this in to consideration: When your WiFi is turned on—regardless of whether you’re connected or not—your electronic device is constantly blasting out its MAC address, trying to find wireless access points that know it. It’s kind of like a lonely kid walking around constantly asking everyone, “Will you be my friend?” That’s why when you get to work or home, your iPad automatically connects to the WiFi.

Well, this constant leak of data has a bunch of security concerns (more on that later) that bad guys have been picking up for years. This also gives us an opportunity to find stuff as law enforcement, and the cool part is there is zero expectation of privacy since this is fundamentally how these devices operate.

How It Works

What L8NT does is constantly “sniff” the air for these MAC addresses, and compares what it finds against a database of stolen MACs. Suddenly you get a hit, and, yes, there are ways to actually track down where the signal is coming from.

Sounds pretty easy! Kind of like LoJack for stolen network devices.

Now let’s say you don’t have time to put officers out in patrol cars with these WiFi hunters in them, or your officers are profoundly afraid of anything involving technology because they’re basically cavemen who break everything called “technology.” That’s fine. L8NT is designed to run in the background so officers don’t even know it’s working unless a device is located.

You can also set this up in a static location with a high amount of network devices and maybe foot traffic. Think: Cafeteria at a local community college? Highly popular coffee shop? Each day it will start to record hits on suspicious devices, and you can probably start to develop trends and notice that a certain stolen device will show up at the same place and time every Monday and Wednesday. Perfect! We got ourselves a lead.

Privacy?

Now privacy is obviously a huge concern. Although most people think of police as the enemy of privacy, most cops are actually the strongest privacy advocates out there. Hence, L8NT doesn’t record any device that isn’t a match in the stolen database. It automatically forgets it because, let’s face it, I don’t want my movements being tracked based on my MAC address. That’s just creepy. Officer Schwindt even went to the trouble of reaching out to the Electronic Frontier Foundation (digital privacy/rights advocate) and ACLU to evaluate his device!

Conclusion

If you’re going to be at IACP this October, stop on by and check out L8NT. It’s going to be a game changer! This is one of those things that makes a lot of sense and will be extremely practical.

The following two tabs change content below.
Elijah Woodward
Elijah Woodward is the owner of SavageCyberSpace.com, a security consulting company focusing on information and cyber security as well as physical security. He has 10 years of law enforcement experience working in patrol, motors, and community resources. He is a member of the FBI’s InfraGard program, and the High Technology Crime Investigator’s Association. Elijah believes that law enforcement is in a prime position to address the issues of cyber crime and fraud, and it will be cops at the local level who will have the greatest impact on these new crimes as they continue to plague our communities. Reach him at [email protected]