Wipe your metadata !


What's this metadata thing ?

By definition, metadata is data about data, information describing some data bits.

Metadata can take various forms :

  • EXIF info in digital photographs (camera model, exposure, flash duration, GPS coordinates ..)
  • Author, creator, platform, software in most digital documents
  • Date and time of a network stream (e.g. telephone/VoIP call)
  • Recognizable items in a data stream (e.g. a monument on a photograph (or a face ..))

Almost every document on the internet carries some bits of metadata, mostly harmless.

Most of the metadata you'll be able to deal with is standardized (e.g. EXIF metadata which is an embedded XML scheme, conforming to a proper specification), thus wipeable.

Deep analysis of images (color histograms, black magic, exact dimensions, subpixel hinting) can reveal information about a digital document, but this information is not in the metadata, it's in the data itself, so it will not be covered here. (Anyway, I'd advise you to disable «ClearType» hinting on Microsoft Windows.)

The purpose of metadata isn't only to leak information; it is also useful information. If your favorite media player can download the cover of the album you're listening to, it's thanks to the gentle metadata in your media files. Printers can sensibly adjust color levels according to color reproduction curves embedded in some .jpeg files.

Excellent related article : https://www.wefightcensorship.org/article/metadata-your-files-talk-youhtml.html

Why metadata matters :

When unwanted, the infoleak caused by metadata can be deadly.

Apple embeds a lot of data by default in iPhone photographs. Even the uptime is recorded ! Combined with the shot timestamp, a single picture tells everybody when you turned on your phone.

The example below is taken from a selfie shot after a long flight to a foreign country. We can deduce when the phone was turned on, and thus which flight our friend took. Because it's our friend and we want him no harm, of course.

Make              : Apple
Camera Model Name : iPhone 5c
Software          : GIMP 2.8.2
Modify Date       : (redacted)
Date Time         : (redacted)
Run Time Since Power Up : 18:26:12

Other examples can be found here :

http://www.digitalconfidence.com/the-importance-of-using-metadata-removal-software.html

http://www.nytimes.com/2010/08/12/technology/personaltech/12basics.html?_r=2&

Catherine Schwartz (American TV presenter) posted two `safe for work` cropped topless selfies, but the embedded thumbnails in the metadata weren't cropped. Her breasts ended up on the internet (pixelated, but on the internet).

«Creepy» is an OSINT (Open Source Intelligence, ~ Google searching) tool which « offers geolocation information gathering through social networking platforms ». It's as simple as «enter a username, get postal address». Have a try on yourself, and FE4R§§.

AnonW0rmer posted a picture of his girlfriend, despite being actively tracked down by the FBI :

Embedded GPS coordinates in EXIF metadata -> pwned.

How to play with metadata :

1. Wipe all the metadata \:D/

'mat', the Metadata Anonymisation Toolkit is an excellent tool : https://mat.boum.org/

Unfortunately, Windows users run Microsoft Windows, and packaging tools for Microsoft Windows without writing everything from scratch in some Microsoft Whatever Editor is hard. mat is only packaged for Debian-based OSes.

Jhead (http://www.sentex.net/~mwandel/jhead/) is a cross-platform command-line tool. It has the cool -purejpg option, which will:

  "Delete all JPEG sections that aren't necessary for rendering the image. Strips any metadata that various applications may have left in the image."

Steelbytes produced a little program to erase metadata; it works on Windows, and even has a GUI \:D/. http://www.steelbytes.com/?mid=30

Another Windows GUI for wiping : http://www.rlvision.com/exif/about.asp

An abandoned project, but with a working executable for wiping metadata : http://www.ghacks.net/2012/05/15/remove-photo-metadata-with-metanull/
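What "delete all JPEG sections that aren't necessary for rendering" means at the byte level, and how to check that a wiped file really is clean, as an added example (not code from jhead, mat or this post). The policy of dropping every APP1..APP15 and COM segment, the function names and the SAMPLE bytes are assumptions of this example; it also assumes no fill bytes between segments.

```python
import struct

SOS, COM = 0xDA, 0xFE  # start-of-scan and comment markers

def segments(data):
    """Yield (marker, start, end) for each header segment, ending with SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker, length = struct.unpack(">BH", data[pos + 1:pos + 4])
        end = pos + 2 + length      # the length field counts its own 2 bytes
        if length < 2 or end > len(data):
            break
        yield marker, pos, end
        if marker == SOS:
            return
        pos = end
    raise ValueError("malformed JPEG segment at offset %d" % pos)

def classify(marker, payload):
    """Label a metadata-bearing segment, or return None if it is kept."""
    if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
        return "Exif"               # EXIF tags, GPS, embedded thumbnail
    if 0xE1 <= marker <= 0xEF:
        return "APP%d" % (marker - 0xE0)   # XMP, ICC, vendor blocks
    return "comment" if marker == COM else None

def audit(data):
    """List the metadata segments still present in a JPEG byte string."""
    return [c for m, s, e in segments(data) if (c := classify(m, data[s + 4:e]))]

def strip(data):
    """Copy the JPEG without APP1..APP15 and COM (this example's policy)."""
    out = bytearray(b"\xff\xd8")
    for marker, start, end in segments(data):
        if marker == SOS:
            out += data[start:]     # scan header, image data and EOI as-is
        elif classify(marker, data[start + 4:end]) is None:
            out += data[start:end]
    return bytes(out)

def seg(marker, payload):           # builds one segment for the sample below
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: valid segment layout, not a decodable picture.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00" + bytes(9))
          + seg(0xE1, b"Exif\x00\x00constructed GPS + thumbnail")
          + seg(COM, b"constructed comment") + seg(0xDB, bytes(65))
          + seg(SOS, bytes(6)) + b"\x12\x34\xff\xd9")
```

Run audit() on the output of whatever wiping tool you use: an empty list means no EXIF block (and so no embedded thumbnail or GPS tags), no XMP and no comment is left in the header. Dropping APP2 or APP14 also discards ICC color profiles and Adobe color hints, so colors may render differently, and bytes appended after the end-of-image marker are copied unchanged.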

2. View, edit, forge metadata

The excellent 'exiftool' : http://www.sno.phy.queensu.ca/~phil/exiftool/

Exiv2 is quite cool too : http://www.exiv2.org/download.html

Hachoir is an excellent library for parsing files, and has a small metadata-oriented interface : https://bitbucket.org/haypo/hachoir/wiki/hachoir-metadata

Firefox has an addon showing the EXIF metadata of images : https://addons.mozilla.org/en/firefox/addon/exif-viewer/

The 'metadata extraction tool' (a National Library of New Zealand project) can generate big xml reports for a lot of documents : http://meta-extractor.sourceforge.net/

3. Practice !

Let's play where's McAfee with this photo :

(photo gently taken from http://nakedsecurity.sophos.com/2012/12/03/john-mcafee-location-exif/)
