Undercover – Stolen Mac recovery story
Orbicule, the maker of the previously mentioned OS X privacy & security software Undercover, recently posted a story about a stolen MacBook Pro and its ensuing recovery. You can find the full details of the recovery process on the Orbicule website:
8:15 PM John’s Undercover-enabled MacBook Pro was stolen at his golf club, just a few miles from where he lives, somewhere in North Carolina, USA.
01:29 AM John contacts the Undercover recovery center and sends us the Undercover ID for his stolen laptop. Our recovery center immediately takes action and registers the Mac as stolen.
7:54 AM Just 6 minutes after the MacBook was connected, our recovery center receives snapshots of the thief, taken with the MacBook’s built-in iSight camera. The iSight camera really is a great tool for identifying the thief. The iSight pictures we receive clearly show the current user of the MacBook, most likely the thief himself (later, we received confirmation that this was indeed the thief).
At the same time, we receive screenshots of the stolen Mac. These screenshots clearly show that the thief tries to erase as many personal settings as possible. He starts by removing the desktop picture (showing John’s children). Then, the thief deletes all contacts (from Address Book) and all emails.
Time to consider Orbicule Undercover for your portable iSight equipped Apple notebook? I’m leaning towards yes.


Thief: Hm, that green light flashing next to that camera must mean all the contacts have been deleted. Awesome!
My favorite part? That the picture of the thief was apparently shot while he was using the Macbook on the toilet…
Coolest thing I’ve seen this week.
I’m convinced, i’ll buy Undercover as soon as i get my new portable…
your fear = their profit :)
btw what if there’s no internet access??
the isight can take trillions of snapshots of anything, if there’s no way to send it anywhere..
this is a promo story, and believe me,
those who steal macbooks know, what they’re dealing with,
and usually they hardformat the hdd first..
or at least they should, instead pulling everything into the trash on the desktop..
hahaha :D
lame marketing..
I wouldn’t necessarily assume that the first step a thief would do is reformat the hard drive. I think it would only be natural for someone to plug their new toy into a public internet spot (thinking that doing so would keep them from being tracked at home) to play with their “new” toy.
From what I understand, they assume you to password protect your system so you can’t reformat with the password. And if all else fails, they put a message up saying it needs repairs or something. I’ve read about it before, definitely considering signing up for a mere $40!
even if its not recovered, you’d feel a little better knowing you did everything you could
i meant without the password..my bad
see..
that’s what they think about you mac users! :D
you want to plug-and-play..
you don’t care.. it’s out-of-the-box.. woohoo..
that’s why you spend money on scams like this..
if I take out the hard drive, I can do whatever I want to do with it,
no password will stop me..
then I can sell the machine to anyone, who can freely have fun with your macbook.. :)
photo will prove nothing..
they should track your mac address, that’s the only “online ID” what your macbook has.. (and more difficult to hack)
but it’s so fancy to use the isight to catch the badguy, so you buy the magic trick for sure.. :D
wtf you do with snapshots and screenshots?
wipe your …., not more.. :D
police will have a nice laugh on you, so will the “Undercover recovery center”, who just sold you a bunch of pictures for $40..
omg.. lame.. again..
but there is a lot of people who buy these (just like cellphones) and dont know enough to change harddrives…let alone the need to change one since as far as they know its not stolen. I think its a small price to pay
look at it as an antivirus….you pay $50 for norton on windows so why not spend the $40 on this.
how about this:
1. you buy this “Undercover” service..
2. while you online, their software checks your desktop all the time, creating/sending backup screenshots..
3. when your mac gets stolen, you receive the latest screenshot what they made,
some stuff deletion screens of your desktop, and a randomly generated snapshot of Mr. Nobody (from Kazakhstan for example) looking at “your” screen..
This is as useful as Norton while it’s disabled on your windows tray.. :D
Errr…is anyone concerned that this software is ALWAYS running? How do you make sure that their software is only taking pictures of a thief and not of you and your significant other in the act of….err….
This article has definitely informed me on how to properly steal a Mac laptop.
First: Remove system battery to reset any BIOS passwords
Second: Format Hard drive and reinstall OS
Third: Rebuild mac kernel allowing you to change the MAC address of the built-in NIC
Fourth: Go buy a $5 NIC card, write down the MAC address and throw NIC away
Fifth: Change laptop MAC address to purchased NIC.
Sixth: … well there is no sixth, just an untraced laptop.
Thanks for inspiring me to steal :)
Not bad but personally how could he find where the guy lives?
Dov, if the thing is so useless how did they catch the guy? You must be missing some steps ;) Do you lock your car? If so, you must be an idiot! All the crook has to do is break open the window… What are you going to do with your fancy car lock? Wipe your ass with it?
“btw what if there’s no internet access?? the isight can take trillions of snapshots of anything, if there’s no way to send it anywhere..”
What decade are you from? What are the chances someone will steal a laptop computer and use it as a video game console or a paperweight?
first order of business when stealing macbook: tape over isight.
Even if you replace the hard drive, if you have firmware password protection (which blocks access to most boot options) enabled, it will be cumbersome, to put it mildly, to get a working system again without the correct firmware password.
dave, awesome response. Thanks for a good laugh!
I believe the software is “supposed” to start its snooping task after being contacted by the Orbicule headquarters.
Great promotional story from Orbicule. However:
* Orbicule’s tracing facilities will not mean *anything* to a police agency outside of Belgium. Ergo, once the laptop crosses the border, the “protection” is not worth a dime. I see no reason why, say, Ukrainian police authorities should consider a report by a Belgian company as something more than a practical joke. Orbicule claim that they have successfully cooperated with law enforcement agencies in many countries, but there is plenty more where their reports would carry no weight.
* The entire idea of Orbicule is based on (I quote a reply from orbicule) — “… we think the average thief won’t have the knowledge to circumvent Undercover”. This is akin to security by obscurity which *never* works. Flashing the firmware (e.g. ), replacing the HDD, and so forth are trivial by nature, even for a thief with very limited technical knowledge.
* Orbicule refuses to release the communication details to the general public. That is, one has *no* idea how orbicule on a laptop communicates with Orbicule HQ. Maybe their encrypted communication channel uses ROT13 and can be trivially subverted. Or maybe they are leaking the passwords to Orbicule. Or maybe a denial of service can be easily mounted.
* Is anyone at all bothered by the fact that:
** Undercover is to be run as superuser
** It takes snapshots through iSight
** It obviously logs activity on the computer (potentially including password collection and so forth)
There is *no* guarantee whatsoever that Orbicule is NOT collecting this information about the legitimate owners of the macbooks. Why would *anyone* subject their financial details, personal life, their employer’s codebase to such an enormous security risk? After all, one has only Orbicule’s *word* that they collect no such information unless a theft report is present. Why would anyone place such an enormous amount of trust into a company?
“Even if you replace the hard drive, if you have firmware password protection (which blocks access to most boot options) enabled, it will be cumbersome, to put it mildly, to get a working system again without the correct firmware password. ”
While the firmware passwords are tough, you CAN get around them, even if it is a pain in the ass. That being said most thieves won’t know how. So I suppose you’ve shown them. They stole a paperweight, and meanwhile you have no laptop.
Some of you guys are paranoid. This is a company offering a service that can help recover your laptop if it is stolen. If anyone had the slightest thought that they would abuse their customers by accessing their machines improperly, they would be out of business within a week.
Secondly, I think you all overestimate the intelligence of thieves. 99% would do exactly what this one did. As for the police not working across international borders, this is a political problem. This company can provide images of the thief, screenshots of what they are doing, the IP address where it is being used, and, with the help of the ISP, the physical address where the computer is connected. What more can you ask for? The police should jump on this type of stuff. They have all the investigation done for them and they get to close a case quickly and put a mark in their ‘win’ column. This is also the type of story that the news would run giving the police good PR.
I don’t even have a Mac but would love this facility. I’ve thought about writing similar applications in the past (long ago – and on the list of ‘will never get around to it’) and to see a company that have made a good package out of it is brilliant.
True, it can be broken but like has been said – so can anything.
Fact is – smart people don’t steal laptops. Stupid people steal laptops. Smart people earn them.
creepy software I must say – the picture and camera thing is just creepy – who’s to say they don’t watch you while you’re using your computer.
This sw would definitely rock if I could see the thief’s face in real time, then press the self-destruction routine installed in the Mac bios, and have some fun with the 20 grams of C4 I would’ve installed behind the screen, oriented to the reader of the laptop.
That would be a NICEEEEEE ONE.
(Pls, forgive the patient, he’s been recently stolen)
I like how they censored his face, but chose to leave his big ugly APE NOSE in the pic!
hmm. if i were to steal a macbook, the first thing i’d do is dig around for personal info WHILE NOT ONLINE… and then after i’m thoroughly bored going through their godawful music/porn collection, i’d reformat the drive.
someone please steal my BlackBook. it will give me a reason to buy one of the nice new dual core 17″ MBP’s.
I hope you’ll buy my useless products too, so I become rich,
laugh a big one on you, fly home to europe, and live like a king..
that’s all I’m dreamin’ of.. :D
Freaking great product…specially like the part about pressuring the local authorities to go get the thief…apparently, pictures and an address just aren’t good enough anymore.
See what freaking WoW makes people do…evil game!!! If I were that guy, I sue Blizzard for making me steal a laptop….
As someone else raised the point about being watched without knowing… How humorous would it be to be viewing porn?
Wow……These are some of the most pessimistic comments I have ever seen. It also amazes me that some of the posters believe most of the general public who would steal a notebook have the technical skill or knowledge to do any of the steps necessary to make a notebook untraceable.
[ Jerry wrote ]
If anyone had the slightest thought that they would abuse their customers by accessing their machines improperly, they would be out of business within a week.
[ /Jerry ]
Hmm… trust is not something that anyone initially possesses. It is something that has to be *earned*. Until Orbicule *proves* that they are trustworthy, they are not. I see no reason to place any kind of trust into their service, simply because it is the default behaviour. The more is at stake, the more trust is required. My pin codes, passwords, financial records and personal e-mails are far too precious to be readily entrusted to a third party of which I know nothing about (nor can know anything about, since Orbicule has refused my requests for detailed technical specs for their product and the source code). Your mileage may, of course, vary.
[ Jerry ]
As for the police not working across international borders, this is a political problem. This company can provide images of the thief, screenshots of what they are doing, the IP address where it is being used, and, with the help of the ISP, the physical address where the computer is connected. What more can you ask for?
[ /Jerry ]
Proof. A solid body of evidence.
Let me elaborate. Assume that you are the police investigator receiving a report from Orbicule. What kind of credibility does a company that you know nothing about have? *Why* should the privacy of a person’s home be violated? On the basis of a single e-mail? How do the police *know* that the snapshot taken is really the picture of a thief?
The investigation is by no means completed. Maybe someone played a practical joke. Maybe the e-mail report is a fake (after all, even such a trivial thing as the e-mail’s authenticity cannot be verified). And suppose the police do find a laptop. What should they do then? There is no reliable piece of information that the police have that contradicts the thief’s statement “it is my laptop”. None (remember, Orbicule carries no credibility by default. The police in a different country has no reliable information that Orbicule is actually a company providing such a service, and not a scam artist). Also, remember that the country’s local ISP is presented with the same conundrum — they cannot trust an e-mail which asks for a physical address for an IP-address based solely on an e-mail from someone they know nothing about. That information is (fortunately) available through a warrant only. Well, at least in some countries.
There is far more to a potential investigation than simply slapping an e-mail together, and waiting for some divine magic to pour from Orbicule.
What an idiot! First he turns on the laptop near an internet connection… AND he doesn’t cover the camera!?! Yikes! I wouldn’t get the service… i use mine around competent computer users who would know how to steal a computer so the service would do me no good.
Lol reset a Mac’s BIOS password? Remove the drive so you can do with it what you want?
Just start the thing in firewire target mode, that way you can snoop the drive for tasty information tidbits before wiping.
Also, just a question for any of you, would you really want this laptop back after someone was using it on the pot? I think thieves may deliberately use the laptop on the pot just for this reason!
This story is just an ad, and should be removed from Digg.
If you have open firmware or efi password protected on a mac, you cannot start in firewire disk mode until you circumvent these protections.
So removing the hard drive still makes sense.
DOV: If you take a look at the Orbicule website, the program’s detailed explanation ( http://www.orbicule.com/undercover/works.html ) (read the last sentence under the last heading), explains that if you have Apple’s Firmware Password, then that prevents anyone from formatting the machine without the proper password.
What if the thief DOESN’T connect to the internet? Well, yes, that is a problem. But chances are that he/she will. Most people who steal (not all) would not just do it for the Macbook’s iLife programs. Very few people PURCHASE the machine and plan not to use the web.
Personally, I think that it’s an excellent program. I was planning on purchasing a Macbook pro in a few weeks, which is a HUGE investment for a Highschooler. 2 grand is a lot of money, and $40 for a program that can help get it back to you when stolen is a more than worthy program.
in response to half the people posting on here:
they tell you how to make it so they cant reformat without the admin password. and eventually it will be connected to the internet.. friends, family, look what time we are in.. who doesnt have some type of connection? and when it does the pic gets sent., they dont start taking the pics till you tell them it was stolen.. someone else is like they have to gain trust.. how are they going to do that if people like you keep bitching about it.. you dont know how it works, what they do, if they watch you.. give them time.. and their trust will be earned.. and why is it when a great program comes out.. everyone is like.. oh its fake, its fake.. Viper.. the car alarm thing are in business.. thats just an alarm.. beep beep.. they can still smash a window before it goes off.. then run and you have a messed up car.. at least this one takes pics/screen shots.. $40 is a small price to pay IF they can get back my $2,500 laptop.. im deff. getting it.
There will NEVER be a perfect security system. That’s what PROFESSIONAL criminals do.
They look for weaknesses.
Like my buddy says, most security systems are setup to stop the “honest” thieves :-)
And most thieves are goofballs, not computer experts like most of us. All stolen laptops
will never be found but tools like these get most of them back.
For what it is worth the story of the laptop recovery is true. John, not his real name of course, is one of my college buddies. I saw the unaltered pics and data. We will soon have it on all our laptops.