Skip to Content

Tracking Laptop Thieves Safely

New software tracks a stolen laptop without tracking its owner.
September 30, 2008

Nowadays a lost or stolen laptop can often be recovered thanks to software that automatically transmits the location of the device back to a central server. However, some experts worry that, without additional security measures, this kind of tracking technology could inadvertently make users more vulnerable to spying.

“If you lose your laptop, a commercial service can tell you where it is right now,” says Tadayoshi Kohno, an assistant professor of computer science at the University of Washington, in Seattle. “The issue, from a privacy perspective, is that this also means that someone who might break into or have access to the commercial service’s database might be able to track you even before the laptop leaves your possession.”

To address this concern, Kohno and his colleagues at the University of Washington and the University of California, San Diego, have developed Adeona, a free piece of software that records location information in such a way that only a legitimate user should ever be able to gain access to it. Most commercial laptop-tracking services require software installed on a user’s machine to periodically update a database with data related to the laptop’s physical location, such as its current IP address and local network topology. If the machine is ever stolen, this information will be transmitted the next time it is connected to the Internet. The user can then take it to the police to help them locate the thief.

But Kohno and other security experts worry that, if this data is compromised, it will provide a simple way to monitor the movements of the laptop owner. In a corporate setting, this might enable corporate espionage, Kohno warns. And since this data may be transmitted and stored in unencrypted form, it is particularly vulnerable to interception and attacks on the database, he says. Adeona employs several cryptographic techniques to keep location information secure. A laptop running the software still sends location information to a central database–in this case, a completely open server–but the data is encrypted so that it cannot be read without a private cryptographic key.

Even if the laptop is stolen, other cryptographic tricks prevent the tracking information from falling into the wrong hands. When a user installs the software, a cryptographic key (known as a seed) is generated and stored separately–on a USB flash drive or a DVD, for example. The seed is used to generate a unique cipher each time an update is sent to the server. And to prevent a thief from figuring out the original seed by analyzing past messages, the software also generates a new seed by morphing the original one in a seemingly random way each time an update is sent.

Adeona works with Windows, Macintosh, and Linux. For Mac users, there is an add-on that periodically takes photographs using the laptop’s built-in camera, to provide even more evidence to show the police. Kohno notes that the software is designed to improve the privacy of laptop-tracking systems. A savvy thief could still get around the systems by wiping clean a stolen laptop’s hard drive before connecting it to the Internet.

Nonetheless, some other experts are impressed by the idea. “When your laptop is stolen, you want the chances of it being recovered to be as high as possible,” says Lawrence Teo, vice president of development at Calyptix Security, based in Charlotte, NC, who has been testing Adeona on his own system for several months. A lazy or careless thief may leave the tool in place, Teo says, giving the software enough time to work.

“It’s much easier to build a laptop-recovery system that is detrimental to privacy rather than one that preserves it,” says Aviel Rubin, a security and privacy researcher and professor of computer science at Johns Hopkins University. “Most people are focusing on convenience and data-mining capabilities and forgetting about privacy. Seeing an effort to build something that will not compromise privacy even though it has every potential to–for me, it’s refreshing.”

Furthermore, since the source code for Adeona has also been published openly, Rubin says that users should feel better able to trust its security. “People can look at the software and see that there are no back doors, and that it really does preserve privacy the way that they say,” he points out. “They’re basically putting all their cards on the table.”

The researchers are currently working on a version of Adeona for the iPhone, and Kohno hopes that other software developers will contribute to the project. “We’re hoping other people will take this idea and extend it in other ways to make it more useful–for other types of electronic devices, or for other types of forensic confirmation,” he says.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.