Exif Data, Social Networking, and You

EX: GPS location tagging on campus

Ever since the dawn of the cellphone, device manufacturers and service providers have poured billions of dollars into the development of new, unique gadgets to capture the attention and paychecks of the public. This corporate arms race has led to many fantastic developments in handheld technology, rapidly evolving simplistic and bulky mobile telephones into the multitasking powerhouses that we carry today. Modern day smartphones can retrieve email, browse the web, play media, run games, and more, all in a package that fits in the palm of your hand. Recently, this advancement has largely included social networking tools, allowing anyone to broadcast thoughts and information to untold numbers of people around the globe simply by tapping a few keys on their phone.

Unfortunately, the exponentially increasing complexity and feature set of such phones has led to a decrease in their security. Many of these devices are equipped with small cameras, perfect for snapping a quick picture to share with friends via sites like Facebook. What many people don’t realize, though, is that every time they capture an image, their phone is capturing a plethora of other information and including it in that image file. This information is called Exif data. Exif, or the exchangeable image file format, is a standard that specifies the formats for any images, videos, or audio recordings made on modern digital devices. While it includes a lot of harmless data, such as ISO speed, focal length, and resolution, it also records the make and model of the device, timestamp, and potentially GPS coordinates of the shot.

These details present two large security risks. First, including the make and model of the device makes it easy for any potential digital attackers, as once they have that information they can start looking for exploits specific to that product. Second, and in my opinion more importantly, the location information and timestamp included in the image can be immensely useful to any physical attackers. By reading the Exif data of an image, they can potentially tell what you’re doing, when you were doing it, and where it was happening.

By posting these images to social networks, potentially everyone has access to these details. Granted, privacy settings can restrict some access, but anything posted to the internet can be copied and distributed with minuscule amounts of effort. Friends’ accounts can be compromised, the image may be reposted by someone else, or an associate may even turn out to be malicious. Next time you post an unfiltered image from your smartphone or other device, think first. Do you really want to reveal this much information?


4 thoughts on “Exif Data, Social Networking, and You

  1. Everyone should make sure to turn off the geotagging feature on their phones, esp. if you post a lot of photos onto Facebook. Many people aren’t even aware that any data is stored along with each photo. You’re really opening yourself up to trouble on your phone if you’re not careful.

    • Exactly, when I was using HTC Sense on my Glacier the option to turn it off wasn’t very obvious and I unknowingly took quite a few pictures with it on. Cyanogenmod 7’s camera app allows you to select whether or not to allow location tagging, but it can be pretty hard to find in other Android environments.

  2. I believe Facebook strips the exif data out of the photo, when you re-download a Facebook picture you’re lucky to find the Exif data there. However, if you are uploading to file sharing sites (especially ones specifically for photo sharing), the chances are pretty good they will keep the Exif data there.

    • Just realized that! Well that’s a step in the right direction for Facebook, but if you’re distributing the raw image file or hosting it on sites that don’t strip off the exif data as you said, then you still need to be careful. I think in general everyone should be aware of what their devices are recording, as most people probably don’t want every single picture they take to be location tagged.

Comments are closed.