
Locating stolen wi-fi access points

When someone raids our home or our company, usually laptops, cameras and other hardware are lost.
In the hope of locating and maybe recovering some of them, we can try some tricks.

Digital cameras

Digital cameras have a serial number that is written to every picture file we take.
If the burglar ever takes a picture and posts it to the internet, we can get a clue about who is using our camera.
We just need to upload a picture that we took with the stolen camera, so the website application can read the serial number embedded in the file and search its database for pictures on the WWW containing that number.
It's worth a try.


Laptops, netbooks, tablets, or whatever name we like, can be defined as portable techy devices that will be stolen if left alone in a public place.
In this case prevention is a must.
There is software like Prey that can allow us to locate the laptop once stolen.
So we must install the software before the laptop is stolen.
This software is always running on the system and silently sends a heartbeat to an internet server. When the laptop is stolen, we must go to the Prey website to report the theft; then, when the laptop next sends its heartbeat, it will receive a command to begin its work.
Prey will try to connect to any wi-fi nearby and email us pictures taken by the webcam, the names (SSIDs) of detected wi-fi networks, screenshots, and GPS coordinates.
With all this data we can contact the police department to find our device.


Access Points

This is the article's main goal. Stolen cameras, laptops and phones are topics widely covered on other websites. But as time passes, bad people are getting smart: they may not upload to the WWW any picture taken with that stolen camera, and they will format the hard drive as a first step after stealing a laptop.
Wi-fi access points are not in the same category. That's because an access point broadcasts its BSSID, and this identifier is like a serial number.
It's highly unlikely that someone changes that number by installing third-party firmware (but it's possible).
So when our access point is stolen and someone later powers it on, we can wardrive the city and search for it. Better still, we can check a worldwide wardrivers' database and find it!

But, what was our BSSID (Basic Service Set IDentifier)?

- Usually, a sticker on the AP tells us the wi-fi MAC address, also known as the BSSID, but the AP is no longer here.
- Take a look at the invoice: invoices sometimes include serial numbers or MAC addresses. Remember that an AP has two MAC addresses, wired and wi-fi; the BSSID is the wi-fi MAC.
- Original box: did we keep the original packaging? A sticker on the box could reveal the BSSID.
- The Windows forensic way: take a computer that was connected to the stolen AP at any time. Windows stores in a registry key every BSSID we have ever connected to.

Select any ProfileGUID, DefaultGatewayMac is the BSSID we are looking for.
More information about Windows wireless registry entries here.
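
As an added example (not from the original article), this PowerShell lists every network the machine has joined with the DefaultGatewayMac value the article refers to, newest connection first. It assumes the NetworkList registry path used by Windows Vista and later, which the article does not spell out; the helper function names are illustrative.

```powershell
# Assumed path (not given in the article): the NetworkList key of Windows Vista+.
$base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList'

# Illustrative helper: 6 raw bytes -> "AA:BB:CC:DD:EE:FF"
function Format-Mac {
    param([byte[]]$Bytes)
    if ($null -eq $Bytes -or $Bytes.Length -ne 6) { return $null }
    ($Bytes | ForEach-Object { $_.ToString('X2') }) -join ':'
}

# Illustrative helper: DateLastConnected is a 16-byte SYSTEMTIME structure
# (eight little-endian 16-bit fields: year, month, day of week, day,
# hour, minute, second, millisecond).
function ConvertFrom-SystemTime {
    param([byte[]]$Bytes)
    if ($null -eq $Bytes -or $Bytes.Length -ne 16) { return $null }
    [int[]]$f = 0..7 | ForEach-Object { [BitConverter]::ToUInt16($Bytes, $_ * 2) }
    try   { [datetime]::new($f[0], $f[1], $f[3], $f[4], $f[5], $f[6]) }
    catch { $null }   # zeroed or corrupt timestamp
}

# Each subkey of Signatures\Unmanaged describes one network and points to
# its profile through the ProfileGuid value.
Get-ChildItem -LiteralPath "$base\Signatures\Unmanaged" | ForEach-Object {
    $sig  = Get-ItemProperty -LiteralPath $_.PSPath
    $prof = Get-ItemProperty -LiteralPath "$base\Profiles\$($sig.ProfileGuid)" `
                             -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Network       = $sig.FirstNetwork
        GatewayMac    = Format-Mac $sig.DefaultGatewayMac
        LastConnected = ConvertFrom-SystemTime $prof.DateLastConnected
        ProfileGuid   = $sig.ProfileGuid
    }
} | Where-Object GatewayMac |
    Sort-Object LastConnected -Descending |
    Format-Table -AutoSize
```

The value Windows records is the MAC of that network's default gateway, so it belongs to the stolen device only when the AP was also the router, and some devices use a separate MAC for the radio.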


Where to search
WIGLE stands for WIreless Geographic Logging Engine, and it's a free resource for locating wi-fi access points.
Wardrivers send their collected data to this database and everybody can use it.
There are more than 60 million access points in the database, and it keeps growing.
Wiglewifi is an Android application that makes it very easy to become a wardriver and contribute to the main goal of wirelessly logging everything, simply by going for a walk with a mobile phone.

[Figure: Wigle city map; the dots are APs]

To search for our stolen AP, we go to the Wigle website, create a free account, log in, go to the Query menu, type our entry in the BSSID/MAC field, and good luck!

[Figure: Wigle city map, zoomed in, with wi-fi network names shown]

Sample fictional success story that could come true

Someone raided John's apartment: cash, laptop, jewels, even the wireless access point were stolen.
After he went to the police, the chances of recovery were very low.
Six months later, after reading on a nice website :-) a fictional story about someone recovering a stolen access point, John was willing to take one last chance at recovering his stolen hardware.
He called his friend Jacob, who some months earlier had been in John's apartment with his laptop, working on a project together. Jacob had connected his laptop to John's wi-fi network (access point).
When Jacob came, they turned on his laptop, loaded Windows and ran regedit, then looked for a registry value named DefaultGatewayMac inside the subkey for John's wi-fi network and wrote down that MAC address (BSSID). They went to the Wigle website, made a new free account to log in with, clicked on the Query menu and typed that information into the BSSID/MAC form field. In the blink of an eye they had a match on screen, with the new SSID name and the GPS coordinates, latitude and longitude, where that access point had been working the week before.
With all that information John rushed to the police department. After some investigation, they recovered not only his access point, but also his laptop and other belongings.

May 2012.
