“Help! Someone Stole My Mac!” Undercover, Part 1.

Back in mid January we reported on Undercover, a unique Mac utility which notifies you when your Mac is lost or stolen.

So, we “stole” a Mac to see what happens. Why? Reporting on a real world test of an application adds more credibility, right?

There are a few aspects to a stolen or lost Mac situation. The first is “Prevention.”

What do you do to keep the Mac from getting stolen in the first place, the second is, what do you do to prevent data from being removed, and finally, is there a method to track your Mac once it’s gone?

Prevention is both the easiest and most difficult aspect of Mac protection, particularly for iBooks, PowerBooks, and new MacBook Pro.

Short of using lock and key and chains and armed guards, any Mac can get “lost” or stolen, particularly the laptops. Orbicule’s Undercover can’t do much for Prevention.

Before and after the Mac disappears, there are steps which help in protecting your data and recovering your Mac. Undercover is one such step.

Non-Intel Macs can be protected with Open Firmware, Intel Macs with EFI. Basically, with Open Firmware, a password is required at startup—without it, it won’t let your Mac startup, be used, or even let someone re-format your hard drive.

That keeps your data on your hard drive, as does Apple’s FileVault, the built-in encryption technology that’s on Mac OS X.

Security experts say most stolen computers never return. Why? No one knows where they went. Undercover changes that.

Undercover hides on your Mac and transmits the internet location of a stolen Mac when it goes online again. It also takes screenshots, and, in the case of the new Intel-based iMac and MacBook Pro, can take pictures of the user.

That’s Plan A. Undercover can switch to Plan B which simulates a hardware failure and makes the Mac unusable. If the thief takes the Mac to a repair shop, the Mac announces that it’s stolen.

We decided to put Undercover to the test both as to claims and to see how well it handles a real-world situation. That required that we have a laptop that could be used for a five day test.

Our friendly Mac360 system administrator had both a Mac PowerBook and an iSight camera attached, and was willing to part with usage for up to a week.

We checked out the PowerBook. It was running Mac OS X 10.4.5 and had an iSight camera installed via Firewire.

Then, we installed Undercover on the PowerBook and registered the ID number with Orbicule.

To simulate the PowerBook’s theft, all we had to do was send in the ID number via email to Orbicule’s data center, and unplug the PowerBook. Then we received notification from Oribcule that the ID was in their tracking database.

We alerted Undercover’s lead developer, Peter Schols, that we had a test in progress (mostly so the police wouldn’t raid Ron’s home office).

While running, Undercover phones home to Orbicule’s data center. When a Mac is stolen, and later connects to the internet, it transmits network information, including internal and external IP addresses, and router address, so the Mac can be traced.

The test began when Ron plugged the “stolen” Mac back into the network. Undercover connected to Orbicule’s database and was flagged as a “stolen” Mac.

The undercover operation was underway.

In the first few hours, Undercover took a number of screen snapshots (to determine what applications were being used by the thief) and, using the connected iSight camera, took a picture of Ron checking the PowerBook’s files. These were transmitted back to Orbicule.

Plan A steps took place within hours after we reported the PowerBook as “stolen.” At that point, authorities would have screenshots, digital photographs of a user, and IP addresses to begin a trace to the Mac’s physical location.

We were not done yet. Oribcule’s team is now tracking the Mac’s IP address.

We’ll report on that in Part 2 later this week.

What if the Mac’s thief didn’t connect to the internet? Or, what if he or she did connect, but then moved the machine to another location?

Is there a Plan B? Of course. If there’s a Plan A, then there’s a Plan B.

Yes, Plan B takes action and simulates hardware failure, displays a full-screen, customizable message, and then shouts at the thief (or anyone else nearby).

Later this week we’ll publish Part Two - The Hardware Failure.

For now, the “stolen” PowerBook has broadcast its location, and transmitted actual iSight camera images back to Orbicule. Thursday, Plan B.