Reconnaissance with Images
Gathering data on a target is extremely important if we plan to execute an attack in a more efficient manner. A typical attack scenario starts with a long reconnaissance process. In this case "reconnaissance" refers to the gathering of information in any and all possible manners regarding a particular object of interest. We can gather information from websites online, dumpster-diving offline, and also through the classic act of social engineering. Online information gathering emerged after millions of people all over the world started participating in social networking sites like Orkut, Facebook, Twitter etc. People started to maintain a virtual image of themselves, which may, or may not, be similar to their real-world image. In this article, we shall see the social implications of these dual personas and how they can lead to the exploitation of vanity. We shall also look into how someone's life can be affected and the risks of geo-localization. This article also features various tools used to perform reconnaissance with the images.
Social networks like Twitter, Facebook etc. are exploiting human vanity. The Y2K syndrome highlighted global fears that there might be something out in the virtual universe that would take control of our lives—something like the implantation of GPS chips in our skin, for example. Well, it's not "something" that takes control of our lives, instead we ourselves blithely send out various pieces of personal information in an attempt to project ourselves as something special within the virtual universe.
FREE role-guided training plans
FREE role-guided training plans
A Classic Example of Information Leakage Through Social Networking Sites
In the above image, we can glean a lot of indirect information regarding the whereabouts of the person. Mr. XYZ was at "Annamalai International Hotel" in a place called "Pondicherry" eight hours ago, and he is using a Windows phone! It's well known that the interface shown in the above image is from Facebook.
Possible Attack Scenario:
It's a reasonably valid assumption that this person uses his mobile device to check email, and to access other online accounts. Suppose I am his friend on the social networking site. Through a socially engineered attack, I can gather information regarding his habits and other personal updates by monitoring the feeds on the site. In addition, because his email ID is listed in his profile, I can probably send him a crafted mail that can gain me backdoor access to his phone through the available exploits. Or I can potentially steal his credentials; the possibilities depend on my creativity. The scenario above provides just one example where an image can speak for the individual.
EXIF Data and Images:
Smartphones and digital cameras (including scanners) use a standard format for images and recorded sounds. This standard is called exchangeable image file format. This information may include details about the camera model, shutter speed, focal length, etc. Most importantly, it contains GPS information about where the image was taken. By default almost all smartphones have GPS data activated. The camera setup asks the user to set it during the pre-initial setup. People tend not to remember to wipe off the GPS location data for every photo they shoot. Thus, GPS information is embedded in almost all images taken.
Social and Security Issues
When a member of the press releases an interview with a hacker (or another wanted criminal) offers a promise of anonymity during the telecast, that offer is not always valid. Any image that is uploaded from the interview might help an investigation by allowing examiners to track the GPS location where the image was taken. An untrained member of the press staff who publishes the image on the net might not be aware of the fact that he should have stripped off the EXIF data that's hidden in the image.
With this back ground let's see various online and offline tools to extract metadata from an image:
-
Jeffrey's Exif viewer
Type of tool: Online
URL: http://regex.info/exif.cgi
Input options to the tool
Basic Information provided by the viewer
This is a very basic EXIF data viewer. It shows the specifications of an image with respect to the camera. The information gained from this tool tells us the date and time when the image was taken. It also tells us which camera has been used for the image.
This information is vital if we are going to find a lost camera belonging to a particular person. If we have a database of EXIF data from public images on the internet, a lost camera can be found by comparing the EXIF data of the owner's image and the stolen image.
-
EXIFDATA.COM
Type of tool: Online
URL: http://exifdata.com
Input interface of this tool
Metadata shown
This tool offers a lot of details and can be considered advanced. It reveals every tiny bit of metadata found embedded the images as you can see from the above example—that image was taken from an Apple iphone 4. Such easily available information will definitely make any attack very efficient.
In the image below we see the geo-localization of information. As mentioned before, the default settings of smartphones keeps the GPS settings switched ON. As a result, when an image is taken, its geo-local information (like longitude, latitude, and height above the sea level) gets embedded in the image. This comes in very handy when trying to pinpoint the exact location of a criminal who might be absconding from law.
GPS Position Exactly Displayed
-
Opanda IExif Tool
Type of tool: Freeware
Download URL: http://www.opanda.com/en/iexif/index.html
Summary of Metadata on Opanda
Opanda is a very advanced tool. It allows for the categorization of various kinds of metadata that can be found in an image. It categorizes data into GPS and IPTC sections. The summary includes all the details, and this tool is very organized compared to all other tools. It also delivers optimum performance with respect to various images.
One added advantage of this tool is that it also allows us to edit EXIF data within the image. This is very helpful when we would want to strip off the metadata. We can either change and mask our information, or delete the information altogether.
-
Windows Image Property Viewer
Tool type: general, built-in operating system feature
The above figure shows how to strip off general metadata
This method for viewing metadata is designed for a layman who isn't very adept at using advanced tools and technology. These interfaces also don't strip off a huge amount of metadata information like Opanda. Thus, this is one of the least used methods when it comes to stripping or viewing EXIF data.
- Writing a Custom PHP Script:
The following image shows a script in PHP which will capture the EXIF data from an image. It returns the time and date when the image was taken, the GPS coordinates of the location where the image was taken, and also tries to read from the headers of the image.
Conclusion
FREE role-guided training plans
FREE role-guided training plans
In this article we have reviewed the hidden information that pictures can reveal to a forensic expert. Undoubtedly, hidden metadata provides the truth in the age-old quote: "A picture is worth a thousand words." I have tried my best to show you both faces of the coin, i.e. the advantages to both reading the metadata and also to stripping off the metadata. As many people spend time projecting a new virtual image onto the public Internet, they are unaware of just how much information they are unintentionally revealing about themselves. A stalker can find all this information and can still trouble you and invade your privacy. Thus any uploading interface should be embedded with scripts to strip the image being uploaded of metadata so that the user's privacy is not compromised. With these words, I advise all readers to keep a close watch on the amount of information you reveal online.
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- Reconnaissance with Images
- The rise of ethical hacking: Protecting businesses in 2024
- How to crack a password: Demo and video walkthrough
- Inside Equifax's massive breach: Demo of the exploit
- Wi-Fi password hack: WPA and WPA2 examples and video walkthrough
- How to hack mobile communications via Unisoc baseband vulnerability
- How to build a hook syscall detector
- Top tools for password-spraying attacks in active directory networks
- NPK: Free tool to crack password hashes with AWS
- Tutorial: How to exfiltrate or execute files in compromised machines with DNS
- Top 19 tools for hardware hacking with Kali Linux
- 20 popular wireless hacking tools [updated 2021]
- 13 popular wireless hacking tools [updated 2021]
- Man-in-the-middle attack: Real-life example and video walkthrough
- Decrypting SSL/TLS traffic with Wireshark [updated 2021]
- Dumping a complete database using SQL injection [updated 2021]
- Hacking clients with WPAD (web proxy auto-discovery) protocol [updated 2021]
- Hacking communities in the deep web [updated 2021]
- How to hack Android devices using the StageFright vulnerability [updated 2021]
- Hashcat tutorial for beginners [updated 2021]
- How to hack a phone charger
- What is a side-channel attack?
- Copy-paste compromises
- Hacking Microsoft teams vulnerabilities: A step-by-step guide
- PDF file format: Basic structure [updated 2020]
- 10 most popular password cracking tools [updated 2020]
- Popular tools for brute-force attacks [updated for 2020]
- Top 7 cybersecurity books for ethical hackers in 2020
- How quickly can hackers find exposed data online? Faster than you think …
- Hacking the Tor network: Follow up [updated 2020]
- Podcast/webinar recap: What's new in ethical hacking?
- Ethical hacking: TCP/IP for hackers
- Ethical hacking: SNMP recon
- How hackers check to see if your website is hackable
- Ethical hacking: Stealthy network recon techniques
- Getting started in Red Teaming
- Ethical hacking: IoT hacking tools
- Ethical hacking: BYOD vulnerabilities
- Ethical hacking: Wireless hacking with Kismet
- Ethical hacking: How to hack a web server
- Ethical hacking: Top 6 techniques for attacking two-factor authentication
- Ethical hacking: Port interrogation tools and techniques
- Ethical hacking: Top 10 browser extensions for hacking
- Ethical hacking: Social engineering basics
- Ethical hacking: Breaking windows passwords
- Ethical hacking: Basic malware analysis tools
- Ethical hacking: How to crack long passwords
- Ethical hacking: Passive information gathering with Maltego
- Ethical hacking: Log tampering 101
- Ethical hacking: What is vulnerability identification?
- Ethical hacking: Breaking cryptography (for hackers)
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, ISC2, Cisco, Microsoft and more!
