Digital cameras are everywhere today, whether they are standalone or built into cellular telephones. 9 out of 10 people today have some sort of digital camera with them at all times; mainly because most cell phones today have them built-in. The explosion of social networking sites like MySpace, Facebook, and Twitter have created an easy and convenient avenue for individuals to share their pictures with friends and family. Social networking sites have proved to be invaluable business tools but have also been identified as a security risk. The same goes for Exchangeable Image File Format (EXIF). EXIF is metadata that is stored inside a digital image. In other words, EXIF embeds information about the digital image inside the file.
Most digital cameras capture EXIF information which usually consists of the date/time, ISO speed, whether or not a flash was utilized, focal length, etc… It is important to note that EXIF can contain hundreds of lines of information. If the camera has Global Positioning System (GPS) capability, mainly seen in Smartphones such as the iPhone, Blackberry, and Android, the EXIF will capture the GPS coordinates when the photo was taken. Many refer to this information as “geotagging”. Geotagging information found in EXIF data which is uploaded to social networking sites may pose a significant security threat.
Geotagging information can be extracted from a picture and used to pinpoint your exact location when the picture was taken. This information can be extremely valuable to criminals as well as terrorists. For example, military personnel in Iraq or Afghanistan who have taken photos and uploaded them to their favorite social networking site have not just pinpointed their locations to the enemy. Same goes for military members overseas. Operational security (OPSEC) is always a concern when abroad, so why broadcast your exact location to the world?
Virtually all nontechnical people are unaware that their digital pictures contained information about their images to include GPS coordinates. Before you upload a picture taken with your Smartphone, ask yourself whether or not you really want to broadcast the location of your home to millions of strangers. I can personally tell you that I don’t want strangers, criminals, psychos, etc… knowing where I live. The solution is to ensure that Smartphone applications don’t have the permissions to publish GPS information. Many Smartphone applications such as the Twitter APP will ask you permission to access your location once installed, just make sure you select “no”.
This information is based on my own training and experience.