Can someone discover my computer by driving by?

3

Someone broke in to my home in New York and stole My MacBook Pro and iPhone 5 this weekend. They left other things like my android phone and iPad. It seems they were specifically targeting the Mac.

One of the neighbors had a security camera so we know what the perps look like. We used Find my phone to learn where the it was. (At a home several blocks away)

Anyway to my question, we never saw the perps before, so I was wondering how they knew we had the Mac.

Is it possible that they simply drove by my house and used some kind of device to detect the machine on my network? Does anything like that exist, and if so, is there a way to block this so nobody would be able to see what I am doing on my personal private network?

Victor Grazi

Posted 2013-09-23T19:12:39.677

Reputation: 135

They likely didn't know you had a Mac. As for the reason they left stuff simply they we're spooked – Ramhound – 2013-09-23T19:14:44.267

1They knew you had a mac because it was sitting there on your desk. As for detecting it, just drive by with a smart phone and look for wifi networks, if there's a wifi there will be a wifi enabled device, possibly a computer. – terdon – 2013-09-23T19:16:49.593

or hack/enter your network and nmap away your OS. but this would be too much "tinfoil hat" – Lorenzo Von Matterhorn – 2013-09-23T19:21:40.077

you don't have an apple brand wifi AP do you? if not, and your wifi is not public, no they could not tell, unless they looked in the window. – Frank Thomas – 2013-09-23T19:22:30.453

Sorry to hear about that, that's very unfortunate. To echo what others say, it's highly unlikely - but theoretically possible even though it would be a decent amount of work. Most robberies are opportunistic. So they may have either seen it through a window or simply an easy way in was exposed (cracked door or window, for example) and they were easy things to grab. – nerdwaller – 2013-09-23T19:24:41.050

@FrankThomas That's incorrect. HeavyD's answer below is correct. Wi-Fi MAC addresses (including client devices MAC addresses) are never encrypted; the first half of the MAC address (the OUI) gives away the manufacturer; and for a high-volume manufacturer like Apple that burns through more than one OUI a year, it could even tell you how recent the device is. Narrowing it down to a particular model is trickier, but not outside the realm of possibility. – Spiff – 2013-09-23T21:01:40.353

@nerdwaller Packet sniffing really isn't that much work. I guess if you've never done it before, it's hard to get set up and running the first time, but once you've done it a couple times, it's very easy to see exactly which brands of equipment are on a given Wi-Fi network, even encrypted networks for which you don't have the key. – Spiff – 2013-09-23T21:04:26.510

@Spiff - You're right, I was too focused on the opportunity of it, it didn't seem like it was likely to me in this case. Wirehsark is pretty dang impressive, and targeting apple stuff wouldn't be surprising since the resale values are surprisingly high. – nerdwaller – 2013-09-23T21:35:22.293

In the future, I always use a tool that will remotely tell me the device's current WAN IP address. Give that information to the police and they can subpoena the ISP, and possibly nab the person at the address the service is registered to. – Moses – 2013-09-24T00:41:23.850

Related: https://www.youtube.com/watch?v=U4oB28ksiIo

– Moses – 2013-09-24T00:45:38.713

Answers

4

It is very easy to detect what types of wireless devices are nearby. Using a tool like Wireshark to capture wireless traffic in promiscuous mode you can get the MAC address of any device that is broadcasting any wireless traffic.

The first six digits of MAC addresses are vendor specific and its is trivial to lookup the manufacturer of the NIC based on the MAC address (in fact Wireshark will do the lookup for you). So its very likely they could have known you have Apple hardware if your devices are connected to WiFi.

One caveat... if you're living in a densely populated area like an apartment building it would likely be more difficult to pinpoint exactly where the devices are located, but you would certainly know they're nearby.

heavyd

Posted 2013-09-23T19:12:39.677

Reputation: 54 755

I would bet that the bulk of people who commit B&E are not the sorts of people that are proficient with packet captures. While it is possible that a small percentage are, it is more likely that the devices were visible through a window or he was observed using them in a coffee shop and they followed him back to his home and then came back when it was convenient, or even as mentioned above - simple deduction - wifi signal means devices present, grab a few and run. – MaQleod – 2013-09-23T20:52:22.603

Thanks. That's kind of creepy that people can detect me. I live in a two family house and the other family doesn't have wifi, so it sounds like I am pretty vulnerable. Is there any way to put some kind of software or hardware firewall that makes the presence of my network invisible to outsiders? – Victor Grazi – 2013-09-23T21:29:44.740

@VictorGrazi No, a firewall blocks people from getting into your home network from the Internet (like via your broadband connection). There's no easy way around the fact that someone with a sniffer, driving down your street, can discover how many Wi-Fi devices are active on your network at that time, and what manufacturers made their Wi-Fi cards. – Spiff – 2013-09-23T22:20:15.603

1Well, you could just not broadcast your SSID. – MaQleod – 2013-09-24T18:26:17.660

@MaQleod, that won't help. MAC addresses are broadcast for both clients and APs. SSID broadcast doesn't change that there are 802.11 frames flying through the airwaves that can be sniffed. – heavyd – 2013-09-24T18:58:57.873

@heavyd: I agree, BUT, it comes down to the level of technology being used by those doing the smash and grab. It is more likely they'd have a simple wireless detector that mainly looks for SSID broadcasts than something that actually sniffs frames. – MaQleod – 2013-09-24T21:56:44.003

Asked: 2013-09-23T19:12:39.677

Viewed: 129 times

Active: 2013-09-23T19:25:48.857