Ever since the dawn of the cellphone, device manufacturers and service providers have poured billions of dollars into the development of new, unique gadgets to capture the attention and paychecks of the public. This corporate arms race has led to many fantastic developments in handheld technology, rapidly evolving simplistic and bulky mobile telephones into the multitasking powerhouses that we carry today. Modern day smartphones can retrieve email, browse the web, play media, run games, and more, all in a package that fits in the palm of your hand. Recently, this advancement has largely included social networking tools, allowing anyone to broadcast thoughts and information to untold numbers of people around the globe simply by tapping a few keys on their phone.
Unfortunately, the exponentially increasing complexity and feature set of such phones has led to a decrease in their security. Many of these devices are equipped with small cameras, perfect for snapping a quick picture to share with friends via sites like Facebook. What many people don’t realize, though, is that every time they capture an image, their phone is capturing a plethora of other information and including it in that image file. This information is called Exif data. Exif, or the exchangeable image file format, is a standard that specifies the formats for any images, videos, or audio recordings made on modern digital devices. While it includes a lot of harmless data, such as ISO speed, focal length, and resolution, it also records the make and model of the device, timestamp, and potentially GPS coordinates of the shot.
These details present two large security risks. First, including the make and model of the device makes it easy for any potential digital attackers, as once they have that information they can start looking for exploits specific to that product. Second, and in my opinion more importantly, the location information and timestamp included in the image can be immensely useful to any physical attackers. By reading the Exif data of an image, they can potentially tell what you’re doing, when you were doing it, and where it was happening.
By posting these images to social networks, potentially everyone has access to these details. Granted, privacy settings can restrict some access, but anything posted to the internet can be copied and distributed with minuscule amounts of effort. Friends’ accounts can be compromised, the image may be reposted by someone else, or an associate may even turn out to be malicious. Next time you post an unfiltered image from your smartphone or other device, think first. Do you really want to reveal this much information?