Stolen POS Tablets? Apple Can Track Them

Tablets, especially those used as in-store mobile POS, are nightmarishly easy to steal. But in the wake of the burglary of Steve Jobs' home, we now know just how effectively Apple investigators can track a stolen iPad.

You want fast? Apple fingered the thief only one day after police called the vendor. It's even faster if the thief wipes the tablet, which thieves tend to do.

Given that a thief can easily walk off with a device that costs hundreds of dollars to replace and is easy to sell, this could change the loss-prevention equation when it comes to tablets. The biggest challenges now may be making sure the POS app is locked down – and convincing police to call Apple. Exactly how easily and extensively can Apple track? Details shared with police are telling.

According to police reports released last week, the Jobs home was being renovated on July 17, when a thief found the key where a contractor had stashed it. The thief got into the house overnight and stole three iPads, along with other computers, jewelry and credit cards. Five days later, on July 23, the California Rapid Enforcement Allied Computer Team (REACT) was brought in, and investigators called Apple to ask the company for help tracking the one iPad that was initially reported stolen.

"I was told by the [Apple] investigators that they had observed data identifying that the iPad connected to Apple servers on July 18th, 2012, from 7:22am to 7:31am (the morning after the burglary)," REACT Agent Marshall Norton wrote in his report. "The investigators informed me that the iPad was trying to re-install the operating system and was connecting to Apple servers using an AT&T Internet Wi-Fi connection" with an IP address that didn't belong to Jobs.

The Apple investigators also identified two more iPads registered to Jobs and two iTunes accounts that had been accessed through the mystery IP address, including names and street addresses.

That was all on the first day after Norton contacted Apple. It took just a day to locate two of the stolen iPads electronically and identify the suspected thief. Apple located the third iPad six days after that. The delay was only because it hadn't been turned on.

The only reason the thief wasn't arrested until August 2 was paperwork, all the search warrants required for formal requests for information from Apple, AT&T and other links in the chain.

At least one of the iPads was wiped; some of the others may not have been. But Apple was able to track all three, once it had the identifying information.

Ironically, wiping the device (something any thief would be likely to do with a stolen iPad before trying to sell it) forces the device to reconnect to Apple. That gives Apple the serial number of the stolen device and IP address it's connected to. Even if it's not wiped, a stolen iPad's serial number is logged when it connects to Apple or iTunes for any other reason.

And it's almost impossible to use an iPad without connecting to Apple or iTunes fairly regularly.

This turns that loss-prevention problem on its head. Very few pieces of equipment in a store are as easy to steal as an iPad. But there isn't any other store equipment that, by design, reports what it is, where it is and what it's doing.

That means if an in-store iPad is stolen, the biggest problem may be getting local police to call Apple. (In the Jobs case, local police investigated the burglary for a few days before calling in REACT the following Monday. REACT promptly called Apple.)

Unfortunately, Apple's tracking ability only makes it easier to find a device that's been stolen by a thief who just wants the hardware to resell. A thief who is interested in stealing any information on the iPad, whether that means card numbers (bad developers! no PCI for you!) or passwords and other information that could be used to connect to a store's POS system, would probably know enough to first isolate the device from Wi-Fi or mobile signals, both to keep it from calling home and to prevent it from receiving a signal to wipe itself.

That's where the real LP problem is now with in-store mobile devices.

One workaround: Write your POS app so that it's always connected to the store's system. If it can't find the store's Wi-Fi signal, and doesn't get the correct response if it finds a Wi-Fi signal with the same name as the store's signal, the app could tell the device to wipe itself. That should delete any at-risk information and also make the hardware useless until it connects to Apple to reload iOS, which in turn gives Apple the ability to track it.

Let's be clear: This workaround is only for iPads that are being used as in-store mobile POS and not for iPads being used by executives, or even those issued to store managers for, say, personnel evaluations and to update CRM files. Those POS tablets should never have any personal or corporate files on them. (Would you ever condone someone putting a salary spreadsheet into an NCR POS, if such a thing was possible?)

And as long as the device is just loaded with the essential POS-related apps (which are stored on a server and can be easily reinstalled, the way you'd ghost any corporate-issued laptop), then having it wiped is not a huge problem.

The downside is that any time a tablet leaves the range of a store's Wi-Fi signal, whether because it's been stolen, walked out by an unthinking associate or put inside a metal desk, the tablet will self-wipe and have to be reloaded with all the necessary software, including the POS app. And any power failure that takes out the Wi-Fi access points would be very disruptive to in-store mobile POS.

Then again, so would a hacker gaining wireless access to the POS system. As LP problems go, it could be worse.

Written by Frank Hayes, Executive Editor of StorefrontBacktalk.com.