Cisco Blogs

NCSAM Tip #4: The Hidden Data in JPG Photos

October 6, 2011 - 4 Comments

Digital photography has certainly brought considerable joy into the lives of millions of people around the world, but there are also security implications and they may be somewhat different than what many people believe. Many images, including JPGs, can contain metadata, data about the data in the image. To illustrate, I took a picture of the Ike cutout in front of my cube.


Seems harmless enough, but let’s take a look at the EXIF data in this image.

I used but there are other sites and apps that will let you view and/or manipulate EXIF data. Per here is some of the EXIF data:

Basic Image Information

Description: SAMSUNG
Camera: Samsung GT-I9000
Lens: 3.5 mm (Max aperture f/2.6)
Exposure: Auto exposure, Program AE, 1/13 sec, f/2.6, ISO 100
Flash: Off, Did not fire
Date: September 15, 2011 9:26:08AM
Location: 37° 24′ 30″N, 121° 55′ 39″WAltitude: 0 m
Timezone guess from 8 hours behind GMT
File: 1,920 × 2,560 JPEG (4.9 megapixels)
1,542,855 bytes (1.5 megabytes) Image compression: 90%

Look, it put me correctly in Building 17.

Like many things security related, there is good news and bad news. The good news is that Facebook and many forums, such as newer versions of vBulletin, strip the EXIF data, increasing your security. The bad news is that if you are into photography, you may actually want to expose that info. Popular photosharing site, Flickr, allows you to expose EXIF data if you desire.

So, while knowing that you shot a picture of a cat with a smartphone and the exposure was 1/100 sec at F 5.6 is of little consequence or harm, knowing the exact location where a picture was taken that showed an expensive new TV, gun collection, jewelry or some other precious, opens the door to thieves who may use the internet to pick their next victim.

In the end, knowledge is power. Knowing that fairly detailed information, including location, may be embedded in the images you publish is the first step in making an informed decision about what you publish as well as how much you worry about EXIF data.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Is there any mechanism to reduce the accuracy of the location? Remove, round or randomize the seconds/minutes of the coordinates? Personally I’d prefer removal/zero as randomizing might point to some other poor potential victim.

  2. So how do we strip off that data?

    • Hi Alan, many social media sites such as Facebook do that for you. With smartphones you can usually disable the embedding of location data. Wish there was a simple one size fits all answer but there are many different moving parts here….

  3. I agree adding the exact location where the photo was taken in the EXIF Meta Data of JPEG Pictures may leave the user vulnerable to security threats posed the one’s who may use these pictures for wrong things. We must take sufficient appropriate steps to prevent our private details like location where picture was taken so that no body knows about our real house or office location