9

Recently I had the following idea.

I live in a rural area where few people pass in front of our house. Burglars like such areas, because the chance of being seen breaking into a house is small.

Assuming burglars carry a smartphone, would it be possible to somehow track them? I imagine a system where requests for WLAN networks (which I think happen regularly with WiFi enabled on smartphones) store the request and some data about the phone in a database, together with a timestamp. If someone then breaks into our house, we just pass the logged information on to the police.

Would the data transmitted by smartphones suffice to help the police? If yes, which parameters specifically would I need to track, and what technical infrastructure would be needed?

theDmi
  • There are companies that do WiFi tracking as a service, google for them. Probably you could agree to host such a device at your home and get your local data in return? – Marcel Jul 03 '17 at 09:58
  • It would be better to spoof the 3g/4g, like the cops do to track motorists. – dandavis Jul 03 '17 at 19:18
  • Yes but what if the burglars don't have their data or wifi switched on? – papakias Jul 06 '17 at 11:52
  • This technique is already being used and it works like this: [tracking people via wifi even when not connected](https://www.crc.id.au/tracking-people-via-wifi-even-when-not-connected/). If I were a burglar I would most likely turn my wifi off to save battery, because I never know when I would need more battery when being chased by the police. – defalt Jul 06 '17 at 13:11

4 Answers

5

This can be done (see other answers), but even if you spent $1000 on all-new networking equipment, routers, wifi pineapples and whatnot, and you successfully captured the burglar's phone's hardware MAC address, the better questions are:

  • How does this prove that the actual owner of the phone was in your house (and the phone itself wasn't stolen, along with six others in his possession),
  • Does your rural PD actually have any digital forensics experts on staff, and
  • Even if they did, would they actually do anything with this evidence?

I've seen cases where burglars left visible fingerprints and other more low-tech evidence at the scene, which went ignored by investigators. Your solution, while clever, would probably not be sufficient evidence to convict anybody. Your money would be better spent on infrared CCTV. Juries are much more easily convinced by video evidence than long explanations about hexadecimal numbers.

Ivan
  • Video evidence is certainly understandable by a jury. You may want to include a camera pointed at the driveway to capture license plate numbers of the cars that visit. Everybody understands license plate numbers. – John Deters Jul 06 '17 at 15:59
  • Even if video is not shown to the jury the cops will be a lot more interested and might even recognize them. – ste-fu Jul 06 '17 at 20:47
1

What you are looking for is wifi analytics. Stores deploy this technology to track visitors in their stores:

http://www.telegraph.co.uk/science/2016/12/27/high-street-shops-secretly-track-customers-using-smartphones/

Pair this with a rogue AP that launches when the house is empty, and you can gather a lot of info, indeed (social media accounts, websites, background data), albeit illegally.

schroeder
  • Is it actually illegal? A rogue AP is simply providing (monitored) internet access. You are not actually exploiting anything, simply offering a service that the device is interested in and thus connects to it. – André Borie Jul 03 '17 at 11:27
  • @AndréBorie if you are collecting personal info from it, then that crosses the line in a bunch of jurisdictions – schroeder Jul 03 '17 at 13:08
1

In Kali Linux you can put your wifi adapter into monitor mode with

    airmon-ng start wlan(n)

Then when in monitor mode use

    airodump-ng mon(n)

*(n) can be replaced with the number associated with your monitor mode and wireless adapter. Usually these would be wlan0 and mon0.

This should show you all routers at the top and then all device MAC addresses around near the bottom, if I remember correctly. I am not sure what you would need to do next in order to get it to record those for passersby though. I really love this idea. Thanks for the question!

0

Most phones randomize the MAC address in their probe requests specifically to prevent such tracking, but even if you manage to get their real MAC address it won't give you much - I doubt any manufacturer has a way to track down a given device based on its MAC address.

André Borie
  • Randomization SHOULD be implemented, but it's not properly done on many devices. See https://www.theregister.co.uk/2017/03/10/mac_address_randomization/ – Marcel Jul 03 '17 at 10:00
  • @user2497 "if they sold the device" when's the last time you bought your computer from an ISP? And what if you bought a USB Wi-Fi dongle (with its own MAC address independent from your computer)? And MACs can be spoofed too, making the problem even bigger. – André Borie Jul 06 '17 at 21:34
  • @AndréBorie OP is talking about phones, not laptops. I have never heard of thieves bringing their laptops with them on break-ins. It's common enough to buy a phone from an ISP - many are also telcos. – user2497 Jul 06 '17 at 22:00
  • @user2497 phones will revert back to their real MAC address upon association with a known network, so any MACs on your network's list would not change. However if you make your phone forget its network and then sniff out the probe requests with a tool like `airodump-ng` you'll see a random MAC. – André Borie Jul 06 '17 at 22:23
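
The logging step the monitor-mode answer leaves open, and the randomization caveat from the last answer, can be shown together. This is an added example, not code from any of the posters: it parses 802.11 probe request frames, records a timestamp, source MAC and requested SSID, and flags addresses with the locally administered bit set, which is how randomized MACs appear. It assumes the radiotap header and FCS have already been stripped; `make_frame`, `SAMPLE` and the addresses in it are constructed for illustration.

```python
from datetime import datetime, timezone

def parse_probe_request(frame: bytes):
    """Return (source MAC, SSID, randomized) for a probe request, else None."""
    if len(frame) < 24:                      # shorter than a management header
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 4:           # management frame, probe request
        return None
    src = frame[10:16]                       # Address 2: the transmitting device
    ssid, pos = None, 24                     # tagged parameters follow the header
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:               # truncated element, stop parsing
            break
        if tag == 0:                         # SSID element ("" = wildcard probe)
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    # Locally administered bit set: the address is not a burned-in vendor
    # address, which is what randomizing phones send in probe requests.
    randomized = bool(src[0] & 0x02)
    return ":".join(f"{b:02x}" for b in src), ssid, randomized

def log_probes(frames, now=None):
    """Build (UTC timestamp, MAC, SSID, randomized) rows for probe requests."""
    rows = []
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed:
            ts = (now or datetime.now(timezone.utc)).isoformat()
            rows.append((ts, *parsed))
    return rows

def make_frame(fc0, src, ssid):
    """Constructed test frame: 24-byte header, SSID element, rates element."""
    bcast = b"\xff" * 6
    hdr = bytes([fc0, 0, 0, 0]) + bcast + bytes.fromhex(src.replace(":", "")) + bcast + b"\x00\x00"
    return hdr + bytes([0, len(ssid)]) + ssid + b"\x01\x04\x02\x04\x0b\x16"

SAMPLE = [  # constructed frames, not captured traffic
    make_frame(0x40, "da:a1:19:00:00:01", b""),         # probe request, random MAC
    make_frame(0x40, "00:11:22:33:44:55", b"HomeNet"),  # probe request, global MAC
    make_frame(0x80, "00:11:22:33:44:55", b"HomeNet"),  # beacon, must be ignored
]

if __name__ == "__main__":
    for row in log_probes(SAMPLE):
        print(row)
```

Rows flagged as randomized identify nothing stable about the device, so only the unflagged ones are worth keeping as a possible hardware address.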