Tracking Stolen Macs with Undercover 5

I’m a big fan of Orbicule products, which are aimed at making your Mac more secure. I’ve previously taken a look at Witness, a background application that, once activated, “blocks” your Mac’s screen and activates the built-in camera to snap pictures to see who’s using your computer. It can also do fancy things like running AppleScripts and recording sounds using the Mac’s internal microphone.

I recently installed Undercover 5, the latest version of Orbicule’s OS X tracking solution for stolen Macs, and I’m very impressed by it. Think of Undercover 5 as Find My Mac on steroids.

In my coverage of the new iCloud web apps launched in September, I mentioned the improvements made to Find My iPhone, which included a new UI and more iOS-related functionalities, but nothing new on the OS X side. With Find My Mac, you can visualize computers on a map, lock them, and erase them, but there isn’t much you can do to identify the person using your computer or to gather information about his/her habits and identity. This is where Undercover comes in.

Allow me to start with the only thing I don’t like about Undercover: the lack of a full-featured iOS client. When your Mac is reported stolen, the only way to access Undercover is through a web app, whereas I would like to have an iOS app – especially on the iPad – with support for push notifications (“Your Mac has moved”), maps, and everything else that Undercover does. Hopefully Orbicule is working on it.

Undercover’s website looks great. It resembles a native Mac app mixed with iOS-inspired black design elements such as tab bars, sidebars, and so forth. In terms of design, I have nothing to argue against Orbicule’s decisions for Undercover. Having a Mac stolen is bad news, but at least the tracking service is beautiful.

Undercover can locate your Mac and do stuff with it. It collects screenshots and snaps photos using your Mac’s FaceTime camera; it logs keystrokes (organized per application), identifies faces in photos, and can even simulate a hardware failure (this option is aptly called “Plan B”) so a thief will bring the Mac to a repair shop (or Apple retail store) where you can, remotely, display a full-screen message.

I have tested Undercover 5 by simulating a theft with my iMac, and I noticed several little touches and clever implementation details that convinced me Undercover is the best tracking/remote control solution for me.

Location uses Google Maps and the Skyhook WiFi database to match routers with areas; obviously, the Mac’s IP address is also recorded, so if a router isn’t registered on Skyhook, you’ll still be able to provide the police with that data. Initially, my Mac wasn’t showing up on a map; then I added my router’s information to Skyhook, and the following day my Mac appeared on Undercover’s map. The Orbicule developers explained that they’re using Skyhook, and not Apple’s own CoreLocation, because the Mac’s native location features can be disabled in System Preferences if a user knows the password. With Skyhook, everything runs in the background and is (mostly) invisible to the user.

The map view has a timeline at the bottom so you can view your Mac’s position over time, and optionally hit a “Locate Now” button to request location on demand.

Photos and screenshots are saved chronologically. If your Mac is connected to multiple displays, Undercover will capture all of them.

While the Screenshots tab lets you see, for instance, the websites a thief visits, the Key Logs section is where you’ll learn what he types to get on those websites, for example passwords and emails. Keystrokes are logged in chronological order and saved by application; I would like to see support for modifier keys.

Every feature can be accessed on demand; by default, location is transmitted to Orbicule’s servers every 20 minutes.

Undercover lets you create downloadable theft reports that include all the information the app is capable of saving. Theft reports remain available for six months after you have marked a Mac as recovered (or simply closed the theft report). The Undercover website has detailed instructions on the files it installs, and how to prevent clean installs of OS X (in short: set a firmware password).

Undercover costs $49 for a single-user license, and I think that’s money well spent as an investment for your Mac’s security. Sure, if my Mac gets stolen, I’ll be able to locate it and lock it using the free iCloud.com app and Find My Mac. But if my Mac gets stolen, I’ll also want (and need) the extra functionality that Undercover provides, particularly photos and screenshots – invaluable data you can give to your local police station to help them in the recovery of your computer.

If you’re looking for a more powerful Find My Mac, I highly recommend Undercover 5.