课程: Deep Dive into Open-Source Intelligence

Extracting metadata from images

课程: Deep Dive into Open-Source Intelligence

开始一个月试用

Extracting metadata from images

- [Instructor] Recently, while shopping for a used car, I laughed at the seller on Craigslist who scribbled out the street sign appearing in the photo. I wasn't laughing at the seller's lack of artistic capability. They made the effort to cross out the street name, but they left the image metadata showing their exact location. Most modern cameras, including the one on your smartphone, use something called EXIF formatting to store information on photos taken by the camera. When examining EXIF data, you'll typically see shutter speed, exposure compensation, timestamp and a lot of other technical information about how the picture was taken. When the camera is equipped with GPS, like the one on your smartphone, you'll also sometimes find incredibly accurate latitude and longitude information. The first time I heard about EXIF data, I was in my hotel room doing some late-night research after speaking at a security conference. The last picture I had taken on my phone was a photo of the sunrise on my way down to breakfast that morning. I opened an app called EXIF tool, specifically designed to view EXIF data, and to my surprise, the latitude and longitude information stored within the metadata of the image were within feet of where I took the photo. I thought maybe this was a fluke and tried it again, this time taking the photo inside my hotel room. Just as before, looking at the latitude and longitude on Google Maps, the position was within a few feet of my hotel room. From experience, the latitude and longitude information stored inside images is far more accurate than most other geolocation information that we can collect. In fact, it's even more accurate than trying to use someone's IP address to pinpoint their location. Unfortunately, not all images have GPS coordinates. Most dedicated cameras don't have GPS hardware to track the location of where the photo was taken. Without GPS coordinates, there's still some valuable information we can extract from EXIF data, such as the camera serial number. EXIF data will also display the make and model of the camera. If the target used a mobile phone to take the picture, after reviewing the EXIF data on the target's image, you'll know the make and model of their current phone. This may come in handy in later phases of the penetration test when you're tasked with deploying malware to the target's mobile phone and need to know what operating system the malware should be designed for. One of the best things about EXIF data is that most people don't even know the metadata is hiding in every image they take. So when an organization posts a picture on the company's website, or when employees post to social media, the EXIF data is sitting there and waiting for you to find it.

内容