Wanted – have you seen this MAC address: f8:e0:79:af:57:eb? German cops appeal for logs in bomb probe

German police investigating a blackmailer's parcel bombing campaign reckon they know the MAC address of a device used by the scumbag, and hope network logs can help unmask the perp. Between November 2017 and April 2018, improvised explosive devices were sent to addresses in and around Berlin and Frankfurt an der Oder via DHL, …

  1. Christian Berger Silver badge

    I'm astonished, this article actually shows more work than any other I've seen yet

    It quotes the MAC address and even looks up the vendor. It even tells us where the MAC address is from. That's so completely unlike what I'm used to from TheReg.

    Who are you and what have you done to TheRegister?

  2. Anonymous Coward
    Anonymous Coward

    " it's possible the extortionist may be unaware of MAC addresses."

    I doubt it. If the dude was able to come up with a QR-code for an extortion letter, he/she is most likely IT literate, and probably knows full well what a MAC address is. BTW, if this is the case and they read this article, they now know full well they need to dispose of that Lenovo device ... now.

    1. chivo243 Silver badge

      As this is also all over German news outlets (a colleague read a few and gave me a quick run down), I'm 100% sure that phone/device has seen the underside of a jackboot...

      1. jabuzz

        You are assuming the MAC that you are seeing is not a fake one in the first place. If I was up to no good on a computer one of the first things I would do is set the MAC addresses on my kit to something other than their manufacturing default.

        1. tim 13

          It doesn't necessarily matter if it is spoofed. If it shows up in the logs of a web cafe, for example, it may be possible to review the CCTV of that time.

      2. L.A

        This is Columbo 101, you know the target but need the target to incriminate themselves by disposing of the evidence.

        1. Zippy´s Sausage Factory

          I'm now imagining Robert Culp watching the news and furtively trying to feed a Motorola RAZR into a shredder...

          (Because the RAZR somehow suits the 1970s aesthetic, and Robert Culp because he was in "Death Lands A Hand", which I regard as THE classic Columbo - especially when it comes to incriminating yourself by disposing of the evidence...)

    2. mr_souter_Working

      beat me to it

      I came here specifically to say the same thing

    3. Peter X

      IT literate, yes, but on the other hand, he/she is using a QR code, so... prolly not BOFH level.

    4. sisk Silver badge

      If the dude was able to come up with a QR-code for an extortion letter, he/she is most likely IT literate

      Not necessarily. QR codes are pretty well known. I mean the things are everywhere and a quick google search will tell an interested party how to make one without them even having to understand the underlying concept. But someone with no knowledge of networking technologies would be unlikely to have come across the term "MAC address".

      Mind you, if they didn't know what a MAC address was before then they do now and are no doubt either spoofing a new one - an easy task to figure out once you know that it's possible - or shopping for a new phone.

    5. defiler Silver badge

      If the dude was able to come up with a QR-code for an extortion letter, he/she is most likely IT literate

      Umm - not so much. I used to know a guy who started a company creating QR codes for people's adverts, business cards, whatever. I think my shoes are more IT-literate.

      Note - that does not make him a bad person. It just means he wouldn't know a MAC address from a serial number.

    6. a_yank_lurker Silver badge

      It depends on if you are dealing with an advanced script-kiddy or someone who is actually IT literate. QR codes are a bit more advanced than normal script-kiddy stuff but would say one has to be IT literate to use one. MAC addresses are less well known as generally they are not that important to the average user. They have probably seen them when pairing a Bluetooth device but would not have much need to be really aware of what they are or do.

      1. GBE

        Creating a QR code is trivial

        It depends on if you are dealing with an advanced script-kiddy or someone who is actually IT literate. QR codes are a bit more advanced than normal script-kiddy stuff but would say one has to be IT literate to use one.

        Nonsense. Anybody who can run a browser and knows how to "google" can create a QR code.

        Just googling "create a qr code" and clicking on the first link takes you to a web site where you enter whatever text you want. One more click, and there's your QR code.

    7. allthegoodnamesweretaken
      Holmes

      Genius at work...

      Is it just me or did our IT genius place the QR code on the bomb. The bomb that explodes and would almost certainly destroy anything on it... like, say, a QR code? Looks to me like the only reason we know there was a QR code is because the cops aren't idiots. The same can't necessarily be said about the bomber... Who may or may not know about MAC addresses (probably doesn't know much... #justsaying).

      Regardless, if they can track the MAC address (spoofed or not, phone destroyed or not) through old access logs to anywhere with CC-TV footage...

      1. defiler Silver badge

        Re: Genius at work...

        He's smarter than you give him credit for. QR codes have error-correction built into them. He's maybe ramped that right up to level H.

      2. sisk Silver badge

        Re: Genius at work...

        My thought on the matter is that he clearly expected the QR code to get scanned at some point during the shipping process. Which was a silly expectation in my opinion, but still more reasonable than expecting the QR code to survive the bomb.

  3. Wellyboot Silver badge
    Coffee/keyboard

    Home users...check logs...

    Did we just find a German plod with a sense of humour!

    1. chivo243 Silver badge

      Re: Home users...check logs...

      No, not at all. Germans typically RTFM cover to cover before assembling\deploying anything.

      1. Cheese_Conquistador

        Re: Home users...check logs...

        Yes but these routers are "open", what home user that knows what a mac address is and understands the logs leaves their router open? They would have had a better chance deploying stingrays in locations the device has already been. I would have thought they could get more information from the ISP.

        1. Anonymous Coward Silver badge
          Pirate

          Re: Home users...check logs...

          Quite a few technically literate people deliberately set their WiFi open for plausible deniability - "it wasn't me guv, anyone could be using my connection"

          1. Anonymous Coward
            Anonymous Coward

            Re: Home users...check logs...

            I run two basic networks, one with full encryption for my home use and another that's open for visitors - but it's connected to a VPN in another country just to be on the safe side.

            1. doublelayer Silver badge

              Re: Home users...check logs...

              Separation is good, but why do you need your guest network to be open? I run two networks as well, but I just give the password to the guest network to any guests and don't change it so they can come back. I don't need to carry the traffic of anyone who comes along, either to have free bandwidth or, now that tracking is a thing, get accused of something done by a stranger.

            2. chivo243 Silver badge
              Pint

              Re: Home users...check logs...

              I see what you did there... nice one!

          2. Cheese_Conquistador

            Re: Home users...check logs...

            Sure it's possible but then the old bill come back with "alright my son but you set it to open so you could claim anyone was using your connection, you're nicked my lad" and the way this country is with its draconian laws and procedures you could be in some trouble.

          3. Ken Hagan Gold badge

            Re: Home users...check logs...

            "technically literate" but completely naive about how your average plod, lawyer or judge will interpret this.

  4. Anonymous Coward
    Anonymous Coward

    I guess plod IQ problems are universal...

    I thought German plod had more brains. MAC <==> serial number <==> IMEI

    They should have the serial number, IMEI and (after a court order to whichever network the perp is using) the location by now.

    1. joeW Silver badge

      Re: I guess plod IQ problems are universal...

      What's the relationship between MAC address and IMEI number?

      1. Anonymous Coward Silver badge

        Re: I guess plod IQ problems are universal...

        "What's the relationship between MAC address and IMEI number?"

        An entry in the manufacturer's database.

      2. Voland's right hand Silver badge

        Re: I guess plod IQ problems are universal...

        What's the relationship between MAC address and IMEI number?

        They are all written in the device flash at the same time at factory. This includes both the wifi Mac and the Bluetooth Mac.

        The manufacturer has all of them in their database and getting the data takes a couple of seconds once you come with a court order.

        Das Plod (excuse me for my Pidgin German) are not following the proper Ordnung. There is something fishy here (grey import with re-flashed identity?) because if they have the MAC, they would have had the perp by now. There are countries where modifying the Macs and/or the IMEI permanently is a specific criminal offence on the books. This will be coming here too. It is only a matter of time.

        1. JetSetJim Silver badge

          Re: I guess plod IQ problems are universal...

          Probably want to be firing off a request for information (suitably couched in legalese) to MediaTek or Qualcomm as those are the chipsets Moto uses.

          MAC OUI lookup returns:

          "F8:E0:79 Motorola Motorola Mobility LLC, a Lenovo Company"

          1. Voland's right hand Silver badge

            Re: I guess plod IQ problems are universal...

            Probably want to be firing off a request for information (suitably couched in legalese) to MediaTek or Qualcomm

            Even if they made it, Motorola has the data. Take the box which your phone arrived in. It should have a sticker with all MACs and IMEI. Older, battery equipped phones also had one printed underneath the battery.

            Further to this, even if it was Mediatek or Qualcomm making the chipset, the actual MAC is out of Lenovo/Motorola range - it has been programmed by the factory. Once again - leaving a data trail.

            That is done by the manufacturer and it KEEPS the details exactly because of requests like this from law enforcement.

            I stay by my original assessment. Das Plod is either fumbling the ball here or there is something else at work like f.e. a grey import with reflashed numbers.

            1. agurney

              Re: I guess plod IQ problems are universal...

              I stay by my original assessment. Das Plod is either fumbling the ball here or there is something else at work like f.e. a grey import with reflashed numbers.

              I'd suggest not fumbling, just looking for more evidence .. e.g. to correlate with other potential perps; they may have the device but not the operator; see where else they've been (physically, and on t'Internet), and so on.

    2. tim 13

      Re: I guess plod IQ problems are universal...

      Who says it has an IMEI number?

      1. Jon 37

        Re: I guess plod IQ problems are universal...

        The MAC says it's Motorola. Motorola make phones. Not sure if they still make laptops, but they certainly make far less laptops than phones. They make tablets, but they are much less common than phones. So it's probably a phone.

        This is Europe, so if it's a phone it's a GSM phone. The GSM standards require an IMEI number.

        So it probably has an IMEI number.

  5. hammarbtyp Silver badge

    Amateurs!!

    They should contact the US CSI or NCIS. I am sure I saw a weekly documentary where they could take a IP or MAC address and instantly show its location :)

    1. This post has been deleted by its author

      1. DJV Silver badge
        Facepalm

        Re: You forgot the joke icon.

        Obvious joke does not require a joke icon!

      2. slimshady76
        Holmes

        Re: Amateurs!!

        You calling those documentaries a joke? Next thing you're gonna tell me is the moon landing wasn't a fake, directed by Kubrick!!

    2. Charles Calthrop

      Re: Amateurs!!

      exactly.

      Get the young woman to open google earth then get the grizzled 'cuts-corners-but-gets-results-why-are-city-hall-busting-my-balls' man to tell her to enhance. Should zoom in to just above the perp's flat.

    3. Avatar of They
      Thumb Up

      Re: Amateurs!!

      Yeah, it once found that the world's best hacker had a 192.168 address.

      Must be true though, NCIS said so.

      1. Anonymous Coward
        Anonymous Coward

        Re: Amateur Amateurs!!

        Nah, IIRC they just wait for the perp to hack THEIR system. Probably the mac originates from inside, because they are spoofing their spoof, and hacking their hack, backtracking their back trace, and then using 4 keyboards!

        1. Anonymous Coward
          Joke

          Re: Amateur Amateurs!!

          "Probably the mac originates from inside, because they are spoofing their spoof, and hacking their hack, backtracking their back trace, and then using 4 keyboards!"

          You have obviously never seen CSI....

          4 Keyboards??

          If you had said 4 people using one keyboard, then I would agree with you, but 4 Keyboards? No, there is definitely only one keyboard assigned to the whole show.

          1. slimshady76
            Linux

            Re: Amateur Amateurs!!

            They NEED 4 keyboards to navigate their UNIX-esque GUI. Have you seen any of those guys using a mouse, any time?

      2. sisk Silver badge

        Re: Amateurs!!

        Just get the pro cyber security CSI expert to code a GUI in Visual Basic to track the IP.

  6. Maelstorm

    Technical Details

    The MAC address (Media Access Control) is the hardware address that is in the ethernet frame header at layer 2. ARP (Address Resolution Protocol) binds the MAC address to an IP address that we all know and love. MAC addresses are hardware specific and can be changed. If the perpetrator is reading this, then they have either changed their MAC address or disposed of the device.

    In case you are wondering, the first three octets describe the manufacturer.

    1. Unicornpiss Silver badge

      Re: Technical Details

      "the first three octets describe the manufacturer."

      This is well known to nearly anyone in IT (except managers and CIOs, of course). My home router even does the lookup for you and tells you what the likely manufacturer is of devices on your network.

    2. Cronus

      Re: Technical Details

      As per the article the blackmailer doesn't appear to have been using a randomised MAC address.

      Also everybody suggesting that they should just destroy/dispose of the device with said MAC address is probably missing a trick also. The police aren't just looking for someone whose device has that MAC address they want logs indicating when and where the device with that MAC address has been.

      With both date and location they can then look through existing CCTV footage in those areas and apply a process of elimination to whittle down the list of people who are present in all/most of the CCTV footage. The blackmailer is likely to be in most if not all of them but random people who happened to be in the area at the time are less likely to appear in all the footage.

  7. Anonymous Coward
    Anonymous Coward

    It doesn't matter if the device has been disposed of, that's not what they are after, neither does it matter if the mac address is forged. As the article states they want to try and recover cctv footage linked to the use of the mac address, for instance pictures of everyone entering a cafe just prior to it connecting to the cafe's wifi, hence publicising it isn't an issue. Slim chance but better than no chance.

    1. Len

      Good point, for that same reason it also doesn't matter if the perpetrator has disposed of the device since, changed the MAC since or will change the MAC after reading this police request.

    2. Mark 85 Silver badge

      Flawed thinking maybe? One doesn't have to be "in" a café, etc. to use the WiFi. Just in range of the signal. But then, when playing with a 'puter, a cuppa' is mandatory.

  8. Timbo

    Surely all the plods need to do is to contact the mobile phone operator and get the logs of the MAC address over the last say 3-6 months.

    They should then have time-based location information and that should pinpoint when and where the phone has been kept (esp overnight) ? That should be enough to narrow down where the perp lives and charges their phone (probably overnight, like most people !).

    1. John Robson Silver badge

      MAC not used to connect to mobile network...

      1. agurney

        MAC not used to connect to mobile network...

        The article suggested the device was probably a Motorola smartphone, in which case it has both IMEI and MAC. As has been noted, the manufacturer should be able to link the IMEI and MAC, and a bit of poking around phone records should then turn up an IMSI if it is a smartphone .. but the authorities are well aware of that (according to anecdotes the presenter gave us on a UMTS training course back in the day).

        1. JetSetJim Silver badge

          *if* the manufacturer retained this mapping (and presumably it would be the chipset manufacturer, and not the phone manufacturer as all this stuff is on a single system-on-a-chip like Snapdragons or MediaTek chips), then you can get an IMEI.

          IMEI *is* used to authenticate a device when it attaches to the network, and certainly in the EU it is checked against a list of stolen devices so that in theory these are blocked from making calls, and so makes a stolen phone less valuable. I'm not sure how often this check is performed.

          However, while IMEI is used to authenticate, it may not actually be stored anywhere - this may be implementation specific, although functionality should be present to do this in a standard EIR. Operators used to forbid non-locked-in phones on their networks, and so they'd need to use IMEI for that, however that's no longer the case, so it may well be that IMEI is no longer reliably stored at the operator for a subscriber. But you may well be able to set a watch for the IMEI so that when it is next used some lights flash, or whatnot, and that would get you the IMSI, and then, if it's not an anonymous pre-pay SIM, subscriber info follows, and call trace/legal intercept/geolocation can be activated for that device, and SWAT teams can swoop on locations...

          1. Graham Cobb

            However, while IMEI is used to authenticate, it may not actually be stored anywhere

            I think you will find that under data retention laws, mobile operators have to store the IMEI. For at least a year in many countries.

    2. Symon Silver badge
      Headmaster

      "Surely all the plods need to do"

      I believe it's generally accepted usage that 'Plod' is used without an article, and it's singular. So, for example, Plod is on the case. A proper noun, out of Noddy, PC Plod. It's not like the filth. Or the rozzers. Sorry, IGMC ---->

  9. Charlie Clark Silver badge

    GDPR says no

    Anything that can be connected with an individual falls under the remit of GDPR and can not be stored long term. There are exceptions, or correctly, workarounds that allow IP addresses to be stored temporarily for things like criminal investigation but, and this is a big one, only in connection with activity carried out on the network. So, a general appeal for data relating to a MAC address is in breach of GDPR of which the police should be aware. This could invalidate any case by making evidence inadmissible.

    1. Germanjulian

      Re: GDPR says no

      I was going to write exactly the same thing.

      Note that The Register itself should not be posting the MAC address.

    2. Doctor Syntax Silver badge

      Re: GDPR says no

      "So, a general appeal for data relating to a MAC address is in breach of GDPR of which the police should be aware."

      One thing the police will be aware of is the extent of the exceptions granted to them under GDPR.

      1. Charlie Clark Silver badge

        Re: GDPR says no

        One thing the police will be aware of is the extent of the exceptions granted to them under GDPR.

        It's not about the police, it's about the companies holding and potentially releasing the data. You are allowed to hold this data for a limited time for your own purposes, such as cyberattacks, but not for the general behest of third parties. This is why the various data retention laws were struck down by the German constitutional court.

        The police can always apply for, and will usually get, a warrant to look at the data but companies are not allowed to do their work for them.

    3. tim 13

      Re: GDPR says no

      There are all sorts of GDPR exemptions for crime detection/prevention/national security

    4. MatthewSt

      Re: GDPR says no

      Let's just hope that they come forward to lodge a complaint then!

    5. Anonymous Coward
      Anonymous Coward

      Re: GDPR says no?

      Does GDPR say no? A MAC address (or an IP address or an email name) is 'potentially identifiable' - but there isn't a blanket ban on holding the data. If you have a reason to store it, store it securely, and don't use it to identify an individual without their consent you can store it. So if my reason was 'monitor performance of my wifi router' and the log was on a secure drive I'm ok. If my reason is 'identify repeat visitors to my coffee shop' or I leave the list on a train I'm not. So as long as someone with that address logged just calls up Police and says - I saw that MAC address, and leaves it to the police to do the CCTV thing, I don't think GDPR has been violated. And fairly certainly any 'public' wifi will have a "the right to monitor and collect information while you are connected to the Service. Any information collected may be used at the discretion of the operator, including sharing information with law enforcement agencies e.g. for the prevention and detection of crime, the apprehension of offenders and other applicable legal requirements." clause in the small print.

    6. Anonymous Coward
      Anonymous Coward

      Re: GDPR says no

      So, just to get this straight. When the police issue an appeal for "a 5ft 10in tall man wearing jeans and a red puffa jacket" in connection with a crime, that's fine, but a MAC address isn't?

      1. Charlie Clark Silver badge

        Re: GDPR says no

        So, just to get this straight. When the police issue an appeal for "a 5ft 10in tall man wearing jeans and a red puffa jacket" in connection with a crime, that's fine, but a MAC address isn't?

        Absolutely, which is why they so rarely use names in such circumstances. So, a Lenovo X13 Thinkpad, or whatever, the manufacturer says the device is, would also be fine.

  10. Sir Runcible Spoon Silver badge

    If the Police were clever about this, they would set up multiple open wi-fi access points or bluetooth readers around the area along with cameras.

    If the perp has his phone set to look for open wi-fi/left bluetooth on, then they might get him in passing, or if not then he might just use one of their hotspots and catch him in the act.

  11. Cragganmore

    Am i being thick...

    (probably) but how would the Polizei figure out the MAC address in the first place? Would surely need an initial lead to know which router (or other) logs to look through.

    1. MacroRodent Silver badge
      WTF?

      Re: Am i being thick...

      I was about to ask the same thing (but then, I may be thick also, at least if you ask my missus).

      1. Cragganmore

        Re: Am i being thick...

        Apparently: "During the investigation, the German police successfully communicated with the alleged blackmailer multiple times via an email and succeeded in capturing his/her Motorola brand device's MAC address f8:e0:79:af:57:eb, which was allegedly connected to several public Wi-Fi networks in Berlin at different times"

        really... how...

        1. Anonymous Coward
          Anonymous Coward

          Re: Am i being thick...

          > really... how...

          I can only assume some shitty Android email client that adds that info into headers completely unnecessarily.

        2. JetSetJim Silver badge

          Re: Am i being thick...

          Perhaps the IP used for the email (and visible in the headers) was traceable (via the ISP) to a router/hub/access point that kept a record of sessions - e.g. commercial Cisco wifi APs will keep records for each device containing MAC address, authentication method, #packets/bytes shipped in each direction, start time and duration (pinch of salt on that one as there's no explicit disconnect in wifi), so all they need to do is get a judge to sign off on a legal "search" of the router to get the logs from it, which are available through a standard API with the appropriate credentials (which no doubt the operator holds).

          1. Anonymous Coward
            Anonymous Coward

            Re: Am i being thick...

            Yes, you mean if the router was one owned/controlled by the ISP they could remote view its logs.

        3. Anonymous Coward
          Anonymous Coward

          Re: Am i being thick...

          So they just add a bit of javascript to the webmail which looks up the IP and sends it back to them.

        4. Deckard_C

          Re: Am i being thick...

          The email server will add your external IP address to the email header, which will give them the public wi-fi from the ISP.

          Email clients will either add the local IP to the email header or send it in the helo to the email server which will then add it to the header. (webmail won't include it as you can't get the local IP in a browser)

          The MAC address will be in the log of the wi-fi network's DHCP or maybe still in the DHCP server with the IP lease. Which will also include the host name of the device. Windows 7 and maybe 8 would name PCs after the initial user so you get a lot of first names. Android and Windows 10 gives seemingly random names.

          My home router (ISP provided) still lists the MAC address of a device which was connected once over 3 months ago, includes the host name (first name of the owner) so I know what device it was.
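
Added example, not part of any commenter's post: the log check the police appeal asks for, covering the points raised above about the first three octets, randomised MAC addresses and DHCP logs. It looks for the published MAC in several common notations and reads the OUI and the locally-administered bit; the function names and every log line are constructed for illustration.

```python
import re

# MAC published in the police appeal, as quoted in the article.
TARGET = "f8:e0:79:af:57:eb"

_HEX = "[0-9A-Fa-f]"
# Matches a MAC written as f8:e0:.. / F8-E0-.. / f8e0.79af.57eb / f8e079af57eb,
# but not 12 hex digits that are merely part of a longer hex string (a hash).
MAC_RE = re.compile(
    rf"(?<!{_HEX})(?<!{_HEX}[:.-])"
    rf"(?:{_HEX}{{2}}(?:[:-]{_HEX}{{2}}){{5}}"
    rf"|{_HEX}{{4}}(?:\.{_HEX}{{4}}){{2}}"
    rf"|{_HEX}{{12}})"
    rf"(?!{_HEX})(?![:.-]{_HEX})"
)

# Constructed sample lines (not real logs). Line 1 follows dnsmasq's DHCP log
# layout; the other device names and message texts are made up.
SAMPLE_LOG = """\
Apr 10 10:15:02 gw dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.57 f8:e0:79:af:57:eb android-3f9c
Apr 10 10:15:40 gw dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.58 f8:e0:79:af:57:ec android-77aa
Apr 10 10:16:11 ap-ctrl: client F8-E0-79-AF-57-EB associated
Apr 10 10:17:30 sw1 bridge: host f8e0.79af.57eb seen on port 3
Apr 10 10:18:05 gw backup: sha1=9af8e079af57eb00c1d2e3f4a5b6c7d8e9f0a1b2 done
Apr 10 10:19:44 ap-ctrl: client da:a1:19:00:11:22 associated
"""


def normalise(mac):
    """Reduce any supported notation to 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def mac_flags(mac):
    """Return the OUI and the two flag bits carried in the first octet."""
    digits = normalise(mac)
    first_octet = int(digits[:2], 16)
    return {
        "oui": ":".join(digits[i:i + 2] for i in (0, 2, 4)),
        # Bit 0x02 set: locally administered (typical of randomised or
        # manually set addresses), so the OUI says nothing about the vendor.
        "locally_administered": bool(first_octet & 0x02),
        # Bit 0x01 set: group (multicast) address, never a client's own MAC.
        "multicast": bool(first_octet & 0x01),
    }


def find_sightings(lines, target=TARGET):
    """Return (line_number, mac_as_written, line) for each line naming target."""
    wanted = normalise(target)
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in MAC_RE.finditer(line):
            if normalise(match.group()) == wanted:
                hits.append((number, match.group(), line.strip()))
                break
    return hits


def distinct_macs(lines):
    """Map every MAC seen in the lines (normalised) to its flags."""
    seen = {}
    for line in lines:
        for match in MAC_RE.finditer(line):
            digits = normalise(match.group())
            seen.setdefault(digits, mac_flags(digits))
    return seen


if __name__ == "__main__":
    log_lines = SAMPLE_LOG.splitlines()
    print("target flags:", mac_flags(TARGET))
    for number, written, line in find_sightings(log_lines):
        print(f"line {number}: {written} -> {line}")
    for digits, flags in distinct_macs(log_lines).items():
        kind = "local/randomised" if flags["locally_administered"] else "vendor-assigned"
        print(digits, flags["oui"], kind)
```

The timestamp on each matching line is what would be compared against CCTV or other records; a plain `grep` for the colon form alone would miss lines 3 and 4 of the sample.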

        5. ChrisElvidge

          Re: Am i being thick...

          Running "nmap" on the IP address will give you the MAC.

          1. Down not across Silver badge

            Re: Am i being thick...

            Running "nmap" on the IP address will give you the MAC.

            Bit of an overkill, if all you want is the mac address.

            arp target will give you the mac address of target. You can specify hostname or ip address as the target.

  12. mr_souter_Working

    assume the perp is reasonably smart

    step 1 - run an open WiFi hotspot in a popular location

    step 2 - harvest all the MAC addresses you can

    step 3 - repeat in several locations

    step 4 - spoof a random assortment of those MAC addresses when using the net for nefarious purposes

    step 5 - wait until they start looking for one of them and move to another

    1. Anonymous Coward
      Anonymous Coward

      Re: assume the perp is reasonably smart

      More likely used a cash-bought phone with data voucher top-up also paid in cash. Completely anonymous - I assume. Turn off GPS/high-accuracy etc.. Use laptop hooked up to that device.

      1. Anonymous Coward
        Anonymous Coward

        Re: assume the perp is reasonably smart

        It's only anonymous if there is no CCTV of the person. If they bought a phone there may be CCTV in that surrounding area. Every time they used the phone , if the MAC did not change, there may be CCTV in that area.

        This exercise is not about tracing the individual from the device it is about getting a movement pattern to use CCTV or asking people in the area at the time.

  13. clocKwize

    I don't think it matters if the mac address is legit, spoofed or changed often, or if the phone has been binned.

    If someone contacts them and says "Hey, I just checked my logs, someone connected to our Cafe's WiFi with that MAC address at 10:15am on the 35th of Febtober, and I checked the CCTV and there is a shifty looking guy sipping a coffee in a corner, surrounded by fireworks and empty boxes of nails, scrolling through facebook - want to check it out? I have the credit card number he used to buy his coffee" that'd be pretty damn useful.

  14. Anonymous Coward
    Anonymous Coward

    Why don't the German police just ask Facebook?

    "A police probe turned up the MAC address f8:e0:79:af:57:eb, which, if genuine and non-spoofed, belongs to a Motorola/Lenovo device – most likely a Motorola smartphone."

    Chances are high that if the user is running a stock ROM without ROOT that Zuckerberg's infamous Graph API is installed either by the Facebook app or any number of third party apps that use Facebook's API.

    The Facebook Graph API scans and collects WIFI SSID , MAC address,etc.

    private static final String PARAM_MAC_ADDRESS = "mac_address";

    private static final String PARAM_LATITUDE = "latitude";

    private static final String PARAM_LONGITUDE = "longitude";

    1. Anonymous Coward
      Anonymous Coward

      Re: Why don't [they] just ask Facebook?

      "infamous Graph API is installed either by the Facebook app or any number of third party apps that use Facebook's API."

      On a related matter: I don't use Facebook on my phone, I use it very little (and reluctantly) on desktop Interweb, etc.

      My last three mobiles have been Moto G with stock Android ROM, with no obvious pre-installed Facebook. If I know that an optional app is closely linked with Facebook, I don't install it, which is one reason why I have no Whatsapp.

      Is there an easy way for people to check whether their phone(s) or other devices are infested by this Facebook Graph API pestilence?

      Historic note: in the dim and distant dark days when GUIDs were a novelty and allegedly considered to be "progress", I was surprised to keep seeing 08-00-2B in the GUID in various places (typically in MS Office documents?). And then I found out why it was there, and what it meant, and decided there was going to be trouble ahead one day. Allegedly these things work differently now. Maybe they do.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why don't [they] just ask Facebook?

        "Is there an easy way for people to check whether their phone(s) or other devices are infested by this Facebook Graph API pestilence?"

        You can check here:

        https://reports.exodus-privacy.eu.org/en/reports/apps/

        You might be surprised what is inside some of your apps.

        Or you can do it manually using ADB by taking a SHA 256 sum of installed apps using PM and check the SHA sum against Virus Total results or by running dexdump.

        (I believe Exodus goes into detail on how they checked for trackers)

        You could also extract the APKs from your device and use any number of open source decompilers.

  15. JohnFen Silver badge

    Let's just hope

    Let's just hope that this guy doesn't know how easy it is to change your MAC address.
