Jasager MAC Scanner?

[wannabe genuis]

Let's start by saying I am a N00b compared to many of you guys/gals.

When my daughter got her Galaxy S3 stolen at school, I started asking myself "What If?"

There has to be an easy way to find the MAC addresses of mobile devices around you. I Googled around for an hour or so and found this link http://www.l8ntwifi.com/ . It is a new device offered by a police officer to find stolen devices by MAC address. My first thought, of course, was Jasager should be able to do this easily.

What do you guys/gals think? Is there an easier way?

Also... Would Jasager stop an iPhone from randomizing the MAC address?

[cooper]

Every phone has a unique IMEI number which you should be able to recover from your purchase of the device, assuming it wasn't 2nd hand. This, like a MAC, is a unique and phone-specific number. You can instruct your mobile network (and possibly other networks too) to blacklist that phone based on this number, rendering it useless for anything but wifi and bluetooth computer stuff. Here in the Netherlands the police (used to?) have a process whereby any phone that was registered as being stolen would be sent a text message every so often (they're calling it a bombardment) that reads "This phone is stolen. Contact the police." And again, this is sent using the IMEI number so changing SIM won't prevent that text from being delivered. The purpose of this is to make the resell value of the phone effectively zero which is a big disincentive to phone thieves.

Dutch police article on this (obviously in dutch, but Google translate might help).

The only thing that could stop an iPhone from randomizing its MAC is the iPhone itself. If it was something you could influence in any other way, it would be a useless feature.

Edited March 24, 2016 by cooper

[wannabe genuis]

Her phone had Cyanogenmod on it and "Find My Phone" was registered with my account, but they stopped that service a while back. I don't have much hope to get it back. It's not just her phone that I'm thinking about. I'm trying to think more altruistic here. One thing that all wifi devices have in common is the existence of a MAC address.

On the iPhone question, I assumed that the device would trust its home network and not randomize the MAC address. Randomizing would break static IP/MAC filtering in routers. Am I missing something?

[cooper]

You're not missing something. The point is that people rarely connect to their phone over the network, so they don't need to know or care about the phone's IP being dynamic. And since the MAC can be freely changed on most all devices, filtering on that is a piss-poor means of protecting your network.

The point about reporting it stolen (which I trust you did) and the IMEI is that you want to make it such that a phone thief can do very little with the device. Can't sell it, it's annoying to use when every 5 seconds you get a text that reminds you the phone is stolen (meaning you can't show something interesting on the screen as that text might pop up and show to the friend you're using a stolen phone), can't call anybody with it, etc. The goal isn't so much to get it back (although stranger things have happened) but rather to make it worthless to the thief.

[wannabe genuis]

This idea is based on dumb criminals. There is a vast difference between what can be done and what will be done.

Again...Me...N00b...

My understanding of Jasager is that it relies on the trust of the device/computer. If you say, "Yes I'm your home network" to every device, then they will connect to you and report their MAC. Correct?

Also in the US most data plans are limited to a certain number of MB's or GB's without overage charges. Most people switch over to the WiFi when they get to work/home/school for two reasons. First, they can limit charges for mobile broadband. Second, they get a much faster connection over WiFi than the crowded 4g.

This is still assuming that only phones have built in WiFi and only phones are stolen.

[cooper]

The way it works is that, like a lost child, your wireless devices are constantly screaming "Mom? Are you there? I can't find you!" and repeat that for every family member (SSID) they remember.

What Jasager does is say "I'm here, dear. I'm Mom. See the name tag? Says mom, right? See, I'm mom. (muahaha)".

When the device sees Jasager respond in the appropriate way (meaning that if your home network was WEP 'protected' it will connect to it like so, if it was WPA2 protected it will connect like that) and during the communication session including the handshake with the AP the MAC will be a constant.

The problem you now have is that all you can prove is that if the Pineapple spits out a valid connection having been made, that the phone is within WiFi connection distance, which can be considerable.

But the bottom-line is that if you're hoping to track down a phone using this, you shouldn't use Jasager since it will actively entice every device nearby to connect to it using an AP it might know. You should set up your Pineapple as an actual AP that mimics only your home router, and see if anything (succesfully) connects to that.

[0phoi5]

The way it works is that, like a lost child, your wireless devices are constantly screaming "Mom? Are you there? I can't find you!" and repeat that for every family member (SSID) they remember.

What Jasager does is say "I'm here, dear. I'm Mom. See the name tag? Says mom, right? See, I'm mom. (muahaha)".

What a fantastic description