Skip to comments.Did Fried Brain Cells Bag John McAfee?
Posted on 12/13/2012 8:44:36 PM PST by null and void
How is it possible that John McAfeeJohn McAfee, the pioneer in protection against hacking, for goodness sakewas tracked down in Guatemala by a hack so simple it doesnt really deserve to be called a hack?
First, Vice magazine posted a picture of McAfee snapped by an iPhone-bearing staffer who was visiting the fugitive. Then, the enterprising Twitter user Simple Nomad downloaded the photo and extracted the metadata from special headers, EXIF tags, embedded in most digital images. Based on longitude and latitude, the type of device used, and sometimes even the name of its owner, the metadata can reveal precisely where a photo was taken.
This isnt even cutting-edge stuff. The capability to glean information from image headers has been around for years in traditional digital cameras, says Johannes Ullrich, who heads the Internet Storm Center for the SANS Technology Institute. Its original intent was to help you store information like what type of lens you were using, or the aperture setting. But as cameras became fancier, more information was stored in these headers.
While few digital cameras have GPS capabilities, theylike camerasare a given in smartphones.
Back in 2010, Ullrich tested the prevalence of EXIF tags. He collected 15,291 images from Twitpic.com, analyzed their EXIF data and found:
Approximately 10,000 images had basic EXIF information, such as camera orientation and resolution.
5,247 included camera model.
399 noted camera location at the time the photo was taken.
102 included the photographers name.
The bulk of images with GPS information came from iPhones.
(Apparently, iPhones store the most extensive amount of EXIF data.)
Ullrich offered up a photo he took with his iPhone:
Heres images EXIF information, as it appears when collected with a tool called exiftags:
Take the latitude and longitude, pop them into a mapping site and Voilà:
The complications this can cause for pretty much anyone are apparent, whether theyre an on-the-run millionaire or someone just skipping work for the day. If you want to avoid any trouble, disable the location services on your smartphone. You wont be able to arrange your pictures geographically, but that could be a small price to pay.
Unfortunately, removing data from images youve already posted online is harder. There are some commercial tools, but its nothing I would recommend to consumers at this point because its too hard to use and too expensive for the use it would get, Ullrich says.
Theres also the of time and effort. Youd have to download the images you wanted to scrub and then rub them through one of the available EXIF tools. But if youre determined to do it, take a look at exiv2 and ImageMagick, which can help you review and strip out the images header information.
But before you freak out thinking about of all of the pictures youve got on Facebook, Google+ or wherever, Ullrich notes that some sites strip out the metadata before its posted.
In fairness, a number of reports say it was an unseasoned Vice staffer who posted the photo without scrubbing the metadata.
I am not impressed with his AV program.
Simply don’t buy an IPhone or other GPS-tagging device in the first place. And if you do certainly don’t publish photos anywhere.