NCSAM Tip #4: The Hidden Data in JPG Photos
Digital photography has certainly brought considerable joy into the lives of millions of people around the world, but there are also security implications and they may be somewhat different than what many people believe. Many images, including JPGs, can contain metadata, data about the data in the image. To illustrate, I took a picture of the Ike cutout in front of my cube.
Seems harmless enough, but let’s take a look at the EXIF data in this image.
I used http://regex.info/exif.cgi but there are other sites and apps that will let you view and/or manipulate EXIF data. Per regex.info here is some of the EXIF data:
Basic Image Information
Camera: Samsung GT-I9000
Lens: 3.5 mm (Max aperture f/2.6)
Exposure: Auto exposure, Program AE, 1/13 sec, f/2.6, ISO 100
Flash: Off, Did not fire
Date: September 15, 2011 9:26:08AM
Location: 37° 24′ 30″N, 121° 55′ 39″WAltitude: 0 m
Timezone guess from earthtools.org: 8 hours behind GMT
File: 1,920 × 2,560 JPEG (4.9 megapixels)
1,542,855 bytes (1.5 megabytes) Image compression: 90%
Look, it put me correctly in Building 17.
Like many things security related, there is good news and bad news. The good news is that Facebook and many forums, such as newer versions of vBulletin, strip the EXIF data, increasing your security. The bad news is that if you are into photography, you may actually want to expose that info. Popular photosharing site, Flickr, allows you to expose EXIF data if you desire.
So, while knowing that you shot a picture of a cat with a smartphone and the exposure was 1/100 sec at F 5.6 is of little consequence or harm, knowing the exact location where a picture was taken that showed an expensive new TV, gun collection, jewelry or some other precious, opens the door to thieves who may use the internet to pick their next victim.
In the end, knowledge is power. Knowing that fairly detailed information, including location, may be embedded in the images you publish is the first step in making an informed decision about what you publish as well as how much you worry about EXIF data.