EXIF JPEG, or the Exchangeable Image File (EXIF) format, is an international specification that lets imaging companies encode metadata into the headers or application segments of a JPEG file. JPEG EXIF data can sometimes contain information not included in the final image. This can lead to disclosure of private information, as shown in this article.
Credit:
The information has been provided by Maximillian Dornseif.
The original article can be found at: http://tsyklon.informatik.rwth-aachen.de/redteam/advisories/rt-sa-2005-008
and http://md.hudora.de/presentations/#hiddendata-21c3
The Laboratory for Dependable Distributed Systems at RWTH Aachen University would like to raise awareness of a common information disclosure through JPEG EXIF thumbnail images in common image processing software.
Digital cameras, but also other devices, embed miniature versions ("thumbnails") of the original image in a JPEG image file. One reason, among others, is that while flipping through images on the camera's small display, the camera does not need to decode and scale the full megapixel picture. The standard for saving this thumbnail and other information within a JPEG file is called EXIF. The EXIF standard states that image processing software should leave EXIF headers it doesn't understand alone.
This means that if an image from a digital camera is edited, e.g. by making a face unrecognizable, and then the modified version is published, chances are that the thumbnail still contains the unmodified version with the unobstructed face. There might also be situations where disclosure of other information in the EXIF header, like the date and time the picture was taken or the model of the camera used, is problematic.
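A pre-publication check for the leftover thumbnail described above, as an added example (not code from the advisory or from exif_thumb): it walks the JPEG header segments, follows the EXIF IFD chain to IFD1 and returns the bytes named by tags 0x0201/0x0202. The function names and the `build_sample` input are constructed for illustration, and it assumes a JPEG-compressed thumbnail whose offset and length tags are of type LONG.

```python
import struct

def exif_thumbnail(jpeg: bytes):
    """Return the thumbnail bytes stored in EXIF IFD1, or None if absent."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or start of scan: headers are over
            break
        (seglen,) = struct.unpack_from(">H", jpeg, pos + 2)
        body = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return _ifd1_thumbnail(body[6:])  # TIFF structure follows
        pos += 2 + seglen
    return None

def _read_ifd(tiff, order, off):  # -> ({tag: value}, next IFD offset)
    (count,) = struct.unpack_from(order + "H", tiff, off)
    tags = {}
    for i in range(count):
        tag, _type, _n, value = struct.unpack_from(order + "HHII", tiff, off + 2 + 12 * i)
        tags[tag] = value
    (nxt,) = struct.unpack_from(order + "I", tiff, off + 2 + 12 * count)
    return tags, nxt

def _ifd1_thumbnail(tiff: bytes):
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None:
        raise ValueError("bad TIFF byte-order mark in EXIF segment")
    (ifd0,) = struct.unpack_from(order + "I", tiff, 4)
    _, ifd1 = _read_ifd(tiff, order, ifd0)
    if ifd1 == 0:
        return None  # EXIF present, but no thumbnail IFD
    tags, _ = _read_ifd(tiff, order, ifd1)
    # 0x0201 JPEGInterchangeFormat = thumbnail offset, 0x0202 = its length
    off, length = tags.get(0x0201), tags.get(0x0202)
    if off is None or length is None:
        return None
    if off + length > len(tiff):
        raise ValueError("thumbnail range lies outside the EXIF segment")
    return tiff[off:off + length]

def build_sample(thumb: bytes) -> bytes:
    """Constructed input: header-only JPEG, empty IFD0, IFD1 -> thumb."""
    ifd = struct.pack("<HIHHHIIHHIII", 0, 14, 2, 0x0201, 4, 1, 44, 0x0202, 4, 1, len(thumb), 0)
    body = b"Exif\x00\x00II*\x00" + struct.pack("<I", 8) + ifd + thumb
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

A non-`None` result on an edited image means the file still carries a second picture that should be compared with the published one or stripped before release.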
In research conducted by the author, 20% of the JPEG images on the Internet were found to have an embedded EXIF thumbnail, and about 2% have a thumbnail which our screening software considered significantly different from the original image. After human screening, 0.1% can be considered to have thumbnails which are more than just boring cropping differences.
Proof of Concept:
See http://blogs.23.nu/disLEXia/stories/5751/ for some example images.
The original presentation from the Chaos Communication Congress in Berlin, Germany, in December 2004 can be found at: http://md.hudora.de/presentations/forensics/HiddenData-21c3.pdf
Source code to find "interesting" images automatically can be found at:
* exif_thumb - This is some software to check for JPEGs where the embedded thumbnail differs in an interesting way from the main image. It is lab-quality software, so don't rely on it. It was written by Steven J. Murdoch with contributions by Maximillian Dornseif.
* patched crawl - This is a web crawler that can be used to look for JPEG images and find differences between the EXIF information and the entire picture.
History:
2003-07 tech.tv moderator incident - private parts in the thumbnail
2004-07 Maximillian Dornseif becomes aware of this incident and discusses it at Defcon 12
2004-10 Steven J. Murdoch creates exif_thumb to automatically screen images. We learn that the problem is quite widespread and not a random software glitch.
2004-12-28 Dornseif & Murdoch present the results from a large-scale survey of images on the Internet at the 21st Chaos Communication Congress
2004-02-12 CVE number requested
2004-02-14 posted to the public as: CAN-2005-0406