Type to search

Metadata security and exploits

On the internet we share a lot of information. We publish pictures, papers, files, applications and much more on the internet. But did you know that all these files are loaded with metadata. Metadata is information that is saved on the properties of the file that has been created. For example, if you would upload a picture, it is possible that a GPS metadata is included in the picture.

This will allow anyone which is interested in your location to download the file and extract the GPS locations.

A perfect example is the example of John McAfee, he was on the run for the authorities, but he got found by using the GPS metadata which was builded by his iPhone.

This is the picture which contained the GPS location.

This is the picture which contained the GPS location. On the left you will see John Mcafee.

John Mcafee exif GPS data

John Mcafee exif GPS data

Metadata is incredible valuable for security experts and cybercriminals. The information which can be obtained from metadata can provide insight on:

  • Locations
  • Applications which are being used
  • Usernames which are being used to create the files

FOCA

And much more. The creaters of the FOCA tool implemented a awesome function in their tool which is able to scan files for metadata. It is able to export the found metadata to a .CSV file or file of choice. Recently a article got published which explained how a FBI officer claimed that the FBI targets people using found metadata. Of course anybody that is able to read the metadata will do something with the found information. That is why it is important to be aware of which functions are used in the applications and files that are being used or build.

Now that we know that metadata is dangerous  – we can start focussing on the information which we share with social media networks like Facebook.com. Each picture or message that you post on the social media website contains forced metadata which is stored by Facebook. This information can be accessed by the NSA or other agencies to complete their puzzle on individuals.

puzzle

Now how can you manage the metadata that you publish on the internet. The first thing which you should take a look at is the options which the application you are using provides. Most of the times the applications allow you to change or delete Metadata from the file that you are going to publish. Another way is to change the file properties which store the metadata.

Tags: