Bob1234
@secureserver.net
 from:
Jameson 
thumbs down from:
Jameson
| Digital camera a security risk? Let's say I take a picture with my digital camera, then upload the picture to a public forum. If someone downloads that picture, would it be possible for them to analyze the picture, determine which model camera took that picture (or at least which company manufactured the camera), find a vulnerability associated with that model, and take advantage of it? In other words, is it dangerous to post in public pictures that are taken with a digital camera that I own? All thoughts on this are welcome! If you can think of other ways a user's security could be compromised through the process of them posting a picture they took publicly, please tell me. Thanks! | |
|
 |
ezdsl
join:2002-03-13
Austin, TX
| Almost (if not all) Digital cameras embed "EXIF" information into JPG images, providing manufacturer, model, camera settings, exposure settings, etc.
But, I can't imagine any way to 'hijack your digital camera' by using this information. Your camera may be temporarily connected to your computer to upload images, possibly by USB cable, maybe BlueTooth, infrared in the old days.
There are photo editors out there which strip the EXIF images after you save them, maybe even standalone solutions.
You could even resort to getting a card reader and taking the memory card out of your camera and plugging in into the card reader to transfer photos to your computer. | |
|
 | SUMware
Premium
join:2002-05-21 | Re: Digital camera a security risk? These 'old' free tools may prove useful:
JPG Cleaner
GifClean
They can be used with Linux, too. | |
|
| | 
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland
| Re: Digital camera a security risk? said by SUMware :These 'old' free tools may prove useful: JPG Cleaner "Cleans" my jpg files useless. No program can get them open properly and view them after the "cleanup".
--
My computer security & privacy related homepage »www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. | |
|
| | | SUMware
Premium
join:2002-05-21
1 edit | Re: Digital camera a security risk? said by jansson_mark :said by SUMware :These 'old' free tools may prove useful: JPG Cleaner "Cleans" my jpg files useless. No program can get them open properly and view them after the "cleanup". Very unfortunate for you.
I've used both apps on many OSes from Win98, currently through XP and several Linux distros, and thousands of pic files, all with absolutely zero problems. Used both this morning.
Sorry to hear of your problems. | |
|
| |
|
Portmonkey
scurvy
Premium
join:2004-04-09
Southern IL
| There's not much reason to do it, but I use Vista to remove the EXIF data. | |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
 ·Speakeasy
| I guess that maybe it's time to turn in my old tin foil hat and get a new model. The one I have must not be working as I don't give a hoot about the EXIF on either of my cameras nor any risk they might pose for me. I just can't be that paranoid about my life any more. It's just too short! | |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| said by Bob1234 :
. . is it dangerous to post in public pictures that are taken with a digital camera that I own?
Posting in public, pictures or no, is one of the most dangerous things a person can do in the 21st Century-- ownership details of the camera notwithstanding.
. . If you can think of other ways a user's security could be compromised through the process of them posting a picture they took publicly, please tell me. Thanks! I can.
Suppose you were to post a picture of yourself standing in front of your car and house. I can read your license plate and your street address, and notice there's a copy of the 'My Town, USA' Gazette on the front steps.
Hey! What's that over there in the corner? Why, it's a street sign with the name of your street on it!
And suppose further that you were reading your bank account and credit card statements when that picture was taken, and that account details are easily discernable within the photo.
Well, I think it's easy enough to see where this could potentailly create a problem if you were to post said photo in or at a public place.
I rest my case.
Have a nice day.  | |
|
| 
s bassaw
join:2006-06-11
New Rochelle, NY
 ·Optimum Voice
| Re: Digital camera a security risk? said by AB :said by Bob1234 :
. . is it dangerous to post in public pictures that are taken with a digital camera that I own?
Posting in public, pictures or no, is one of the most dangerous things a person can do in the 21st Century-- ownership details of the camera notwithstanding. . . If you can think of other ways a user's security could be compromised through the process of them posting a picture they took publicly, please tell me. Thanks! I can. Suppose you were to post a picture of yourself standing in front of your car and house. I can read your license plate and your street address, and notice there's a copy of the 'My Town, USA' Gazette on the front steps. Hey! What's that over there in the corner? Why, it's a street sign with the name of your street on it! And suppose further that you were reading your bank account and credit card statements when that picture was taken, and that account details are easily discernable within the photo. Well, I think it's easy enough to see where this could potentailly create a problem if you were to post said photo in or at a public place. I rest my case. Have a nice day. That's some panoramic shot ya got there! | |
|
|
| 
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
2 edits | Re: Digital camera a security risk? said by NetFixer :Unless you have privacy issues with someone knowing the brand/model of the digital camera you use and/or the timestamp information, the EXIF information is in no way a privacy or security issue. Oh yah?
EXIF can contain a thumbnail of the image, and it's often maintained even after the full image has been mucked with in photoshop.
I recall a headshot that a pretty girl posted of herself on Craigslist, and though it had been cropped, the original uncropped thumbnail was still in the EXIF. Let's just say we got to see a bit more of the pretty girl than she intended. Woot!
Likewise, that racy picture that you pixellated or added black bars to? The thumbnail didn't get those edits. Surprise! See the above sample taken from this site (examples are easy to find, but it's harder to find a "good" one that's nevertheless suitable for posting in a public forum).
It's fun to investigate pictures with my brother's online EXIF viewer, which will show thumbnails if the EXIF contains them.
This is a classic example of hidden metadata, and photographs are not immune; this makes it a security issue.
Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site | |
|
| | |
| | |
| | |
| | |
| | 
rosco
Premium
join:2003-11-10
USA
·Verizon Online DSL
| I remember when Cat Schwartz from techtv had a problem where she cropped a topless photo of herself and didnt realize the whole photo was viewable in the exif thumbnail...Kevin Rose had a funny post on his site about how to not be like her and remove the EXIF info. | |
|
| | 
nfixit2004
Premium
join:2004-01-06
Brooklyn, NY
| said by Steve :said by NetFixer :Unless you have privacy issues with someone knowing the brand/model of the digital camera you use and/or the timestamp information, the EXIF information is in no way a privacy or security issue. Oh yah? EXIF can contain a thumbnail of the image, and it's often maintained even after the full image has been mucked with in photoshop. I recall a headshot that a pretty girl posted of herself on Craigslist, and though it had been cropped, the original uncropped thumbnail was still in the EXIF. Let's just say we got to see a bit more of the pretty girl than she intended. Woot! Likewise, that racy picture that you pixellated or added black bars to? The thumbnail didn't get those edits. Surprise! See the above sample taken from this site (examples are easy to find, but it's harder to find a "good" one that's nevertheless suitable for posting in a public forum). It's fun to investigate pictures with my brother's online EXIF viewer, which will show thumbnails if the EXIF contains them. This is a classic example of hidden metadata, and photographs are not immune; this makes it a security issue. Steve Wow this is something I did not know! so when you think you have blocked something out it still can be seen? is there a way to get rid of the thumbnails | |
|
| | | |
| | | |
nfixit2004
Premium
join:2004-01-06
Brooklyn, NY
| Re: Digital camera a security risk? said by NetFixer :said by nfixit2004 :Wow this is something I did not know! so when you think you have blocked something out it still can be seen? is there a way to get rid of the thumbnails If you are really troubled about publishing the EXIF information (including the EXIF thumbnails), an excellent free program can be downloaded from » www.exifer.friedemann.info/ which can save, delete, and restore EXIF information (including the EXIF thumbnails) from JPEG and TIFF images. thanks for your reply also thanks to Sentinel for the link also, my concern was what about when you post a pic and use a photo app to block out potentially private info(and everyone does this alot) it can still be seen through thumbnails, this is something that needs to be known. most people think(my self included(well until now)) once you use the paint brush tool you have lost the risk involved with posting certain pics.(not that everyone saves and opens up the thumbnails of every pic they see in an online forum). but it is something to know. also I think the makers of certain software apps( ex snagit) should pay attention to matters like this, and explain this to buyers
thanks again | |
|
| | | | | 
Sentinel
Premium
join:2001-02-07
Florida
| Re: Digital camera a security risk? Due to this topic I have been checking EXIF data using various apps for fun to see what I can find. Most is just useless camera info and I have not been able to find one thumbnail. Perhaps you have to have the program that was used to edit the pic in the first place?
I have been checking with Irfanview, default Windows picture viewer, Jasc PSP, and Nero image viewer. So far I haven't seen anything odd.
Until today. Today I found a pic that had a weird series of characters in an "artist comment" field. I could not decipher it. Irfanview would not show it, neither would PSP. But Nero showed a very long (35K) series of numbers. I don't know what it is but it is a very long series of numbers that are in pairs. Is that hex?
Anyways, I am going to keep trying to find an app that can decipher it. | |
|
| | | | | | 
AmeritecTech
Change we can believe in, 1922
Premium
join:2002-09-06
Houston, TX | Re: Digital camera a security risk? If you want to post it, we can try various things.
35K?? Jesus. | |
|
| | | | | | |
| | | | | | |
Sentinel
Premium
join:2001-02-07
Florida
| Re: Digital camera a security risk? Yeah, I tried that program with a few of my own pics to see if it displayed the thumbnail properly and it did not. It is an old program though (2002?) so maybe something newer might be better.
If you find anything let me know. I'd like to see it. | |
|
| | | | | | | 
JTM1051
Premium,MVM
join:2000-07-08
Moorpark, CA
1 edit | said by NetFixer :... I guess I am going to have to start looking for another EXIF editing program (which was primarily my purpose for using Exifer). Have you looked at Opanda?
Have a free Opanda IEXIF Viewer and PowerExif, "a professional EXIF Editor".
Edit: Noticed that the way I wrote the post it may be misunderstood that both Opanda IEXIF Viewer and PowerExif are free--sorry the PowerExif is not free.
(Comma should have been after Opanda IEXIF Viewer, not PowerExif) | |
|
| | | | | | | | |
| | | | | | | | | BandHeight
join:2004-08-30
Portland, TX
| Re: Digital camera a security risk? said by NetFixer :said by JTM1051 :Have you looked at Opanda? Have a free Opanda IEXIF Viewer and PowerExif, "a professional EXIF Editor". Thanks for the tip, I will check it out. You might want to check into ExifTool (command line tool):
»www.sno.phy.queensu.ca/~phil/exiftool/
I consider it the ultimate ... so I'd be interested in whether the thumbnail metadata that slipped by Exifer also gets by ExifTool (I doubt it ).
It will require some reading of the docs to get the most out of it, but it can be simple to use as well. Works great for me on Linux and Windows, and works on Mac as well, though I haven't tried the Mac version. | |
|
| | | |
| |
Sentinel
Premium
join:2001-02-07
Florida
| OK, hate to keep bringing this up but ... it interested me so I kept playing around with it to try to see for real what kind of a threat this really could be be. Here it what I have come up with.
After playing around with numerous pics (my own and some from the web) I have found that yeah, there are sometimes thumbnails saved with the pic depending on camera and imaging software used. However, these images are usually very very small in size and *IF* there are there at all they are very very hard to enlarge. They get pixilated very quickly and practically unviewable.
So therefore they are of minimal value. I mean if someone crops a picture and crops out a hotel in the background or something then, yeah you would see that there is a building in the background, but if you try to enlarge it to see what building you won't be able to. If they black out the eyes with a black bar then yes, you *might* be able to see the thumbnail without the bar *BUT* it will be so small and pixilated that you will not be able to make out the face.
That said I found the aforementioned pics of the lady from TV that posted the pics that had thumbnails of her topless and I have no idea how whoever got those was able to make full size reproductions of the originals. Most programs will show the full pic in the thumbnail but it will be tiny and any attempt to enlarge it will result in a useless heavily pixilated image of a glob. I don't know how they were able to make such a large size unmasked pic *unless* she eventually posted the originals herself.
Am I missing something? | |
|
| | | |
| | | |
Sentinel
Premium
join:2001-02-07
Florida
| Re: Digital camera a security risk? Wow. That's very interesting. I had no idea that different cameras could produce different size thumbnails. I will have to check that out. Thanks for that info NetFixer.
jaykaykay,
Obviously security has levels and this may rate low in most respects but higher in others depending on what kind of person you are, what you do for a living and what you use your pictures for.
This *could* be a problem for some depending on circumstances as has been already pointed out about the lady who worked at the TV station. More examples could obviously be shown. Imagine you crop a picture to cut someone out and then tell your spouse that that other person was not there? EXIF thumbnail could show you to be liar and could be admissible in court at your divorce hearing 
We could go on with hundreds of such examples. If you were sending an email and it had some code in it that was potentially descriptive you would want a way to clean it. I see this as similar. Just depends on situation and circumstances whether this is just aparlor trick or potentially harmful. | |
|
PittsPgh
join:2003-08-21
Pittsburgh, PA
| About the only problem you could have would be any extra info you provide in the EXIF info.
I know My Canon Powershot I embed an email address in the info. Something you can do with the software provided with the camera.
Besides seems most basic picture viewer programs sem to strip it all out, when resaved | |
|
|
dolphins
Miami Dolphins
Premium
join:2001-08-22
Westville, NJ
 ·Comcast
| Here's a shortened low resolution video I took from a local fire with sound.(DUH!)
See what you can do with it?
Tell me the original size of the video? Show me the girls in the original video which was over 60MB? Now show me where the video is from? longitude and latitude would be the preferred.
--
Prevent Malware | |
|
|
See 8 replies to this post |
|
dvd536
as Mr. Pink as they come
Premium
join:2001-04-27
Phoenix, AZ | Paint shop pro v7.02 will zap the EXIF. just resave the jpg.
i think its a bug.
--
You can never be too rich, too thin or have too much Bandwidth | |
|
|
ttiiggy
Premium
join:2001-03-27 | Do any cameras include GPS info with them?
I could see some potential problems if coordinates were included with every picture... | |
|
| 
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
2 edits | Re: Digital camera a security risk? said by ttiiggy :Do any cameras include GPS info with them? I could see some potential problems if coordinates were included with every picture... See This topic in our digital imaging forum.
Ricoh makes a GPS capable camera. I'm not aware of any "hidden" GPS capabilities in any cameras, though.
Since cell phones use GPS to locate for 911 service, I could see where the built-in cameras could be configured to include coordinates in the EXIF data. At the least, the time and date EXIF data could be matched to location history if that is stored somewhere in the provider's system, which I believe it is - at least for a short time.
Cell phone experts, whaddya think? Are there any such phones out there that trap coordinates in the camera's EXIF?
--
Sive enim ad sapientiam perveniri potest, non paranda nobis solum ea, sed fruenda etiam est | |
|
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| This article »www.eurekalert.org/pub_releases/···1806.php talks about uniquely identifying digital cameras based on the different ways each individual camera distorts the images.
This does not enable anyone to find you or your camera based on having only a photo from it. However, it could enable technicians to prove that two digital photos came from the same camera; and if they located the camera they could match the photos to it. | |
|
|
|
Bob1234
@secureserver.net
| I am amazed at the amount of replies and the depth of this discussion. I can't even begin to say how how helpful all your inputs were. There was one thing in particular that I did notice. The posts all seem to center around one part of the picture: the EXIF data. However, I am not sure this is the case for "Just Bob" 's post, which is the second one in the thread. What exactly are the "quantization tables" in a JPEG file? | |
|
| 
Khaine
join:2003-03-03
Australia
| Re: Digital camera a security risk? said by Bob1234 :
What exactly are the "quantization tables" in a JPEG file?
From Wikipedia:
Color quantization reduces the number of colors used in an image; this is important for displaying images on devices that support a limited number of colors and for efficiently compressing certain kinds of images. Most bitmap editors and many operating systems have built-in support for color quantization. Popular modern color quantization algorithms include the nearest color algorithm (for fixed palettes), the median cut algorithm, and an algorithm based on octrees.
It is common to combine color quantization with dithering to create an impression of a larger number of colors and eliminate banding artifacts.
Frequency quantization for image compression
The human eye is fairly good at seeing small differences in brightness over a relatively large area, but not so good at distinguishing the exact strength of a high frequency brightness variation. This fact allows one to get away with a greatly reduced amount of information in the high frequency components. This is done by simply dividing each component in the frequency domain by a constant for that component, and then rounding to the nearest integer. This is the main lossy operation in the whole process. As a result of this, it is typically the case that many of the higher frequency components are rounded to zero, and many of the rest become small positive or negative numbers.
Quantization matrices
A quantization matrix is used in combination with a DCT coefficient matrix to carry out the previously mentioned transform. Quantization matrices are often specifically designed to keep certain frequencies in the source to avoid losing image quality. Many video compression algorithms, such as Xvid and H.264/AVC allow custom matrices to be used. | |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
·Speakeasy
| While being moderately interesting, I still find this topic going waaaaaaay too far for security for me. At this rate, I should stay in my house, lock all my doors, cover my windows, take shallow breathes, etc. while wearing my newest tin foil number covering me from top to bottom. There is nothing so secure today that will allow someone to go about daily things without being spied upon in some way, camera or otherwise. Might the question for this whole topic be just how paranoid does one want to be in daily practice?
--
JKK
Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!
»www.pbase.com/jaykaykay
| |
|
| 
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
 ·Cingular Wireless
·AT&T CallVantage
2 edits | Re: Digital camera a security risk? said by jaykaykay :While being moderately interesting, I still find this topic going waaaaaaay too far for security for me... ...Might the question for this whole topic be just how paranoid does one want to be in daily practice? I tend to agree with that assessment. I think the subject of EXIF thumbnails being a security risk should more likely be categorized as a privacy risk.
I think the main reason that this subject was brought up was because some semi celebrity person posted a cropped image of herself on a blog, but the EXIF thumbnail showed the original nude image. In this particular case, since the person in question is supposed to be a tech guru, I would have to question whether or not this "slip up" was in fact not simply an intentional cheap publicity stunt.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. | |
|
Bob1234
@secureserver.net
| ok, i've gone back over the thread to make sure i didn't miss anything. after looking at the link that "Just Bob" provided, i'm starting to wonder if there's any way to prevent using the quantization tables and metadata embedded in the photo to find out whether the image has been edited or, especially "the make and model of the camera if the image is original or the version of Photoshop that was used to alter and re-save the image." would taking a screenshot do the job? that would create a whole new picture out of the existing picture, would it not? but i still can't help but think that this will do nothing against an error level analysis. what bothers me is that the article mentions being able to determine the make and model of the camera without EXIF data.
though i could be wrong, i'm assuming that error analysis of some kind will be possible even if i take a screenshot or use another camera to take a picture of my screen, because the colors of the picture are preserved. this might of course open the door to more advanced analysis techniques too. i'm thinking just from the lighting, contrast or other factors an expert would still be able to determine at least what camera took the picture. this is, of course going a little beyond what swhx7 mentioned, but probably wouldn't be so far fetched in light of the article JTM1051 posted.
by the way, how was arglebargle able to tell so much about dolphins merely by watching his video?
in any case, i guess i should pose a more specific question now. let's assume i take a picture or more than one picture with a digital camera. assume that i am not worried about personal information that could be revealed about me based on what was in the picture. i'm also not concerned about my credit card number being in the picture or something, and i am not concerned that people would be able to tell my geographical location based on what is in the background of the picture. so essentially, what is shown in the picture is not of concern.
given this, what other information should i try to strip out before posting a picture publicly? please also mention if there is information that is unable to be removed, such as for example factors that could allow for an error level analysis. is it just the metadata (e.g. Exif, IPTC headers, XMP, etc)? or is there more to the picture besides what is shown and the metadata? | |
|
|
See 10 replies to this post |
|
|
|
|
·
