Who is watching you?

Criminals can use embedded co-ordinates in uploaded pictures to track the exact location the picture was taken, researchers say.

Read time 4min 00sec
Posting pictures of social activities is sending an invitation to criminals.
Posting pictures of social activities is sending an invitation to criminals.

Over the past few days, the Web has been abuzz with warnings on the dangers of posting pictures from a smartphone.

From 'Posting cellphone pictures - danger!' to 'Why texting a photo could put you in serious danger' - the Web is full of these stories, and warnings litter social media sites.

Reports are saying posting pictures of social activities online is sending an invitation to criminals, because pictures posted on social networking sites have embedded longitude and latitude co-ordinates, which would let criminals know exactly where you are, and importantly, where you are not.

The worry is that criminals can use this information to commit robberies when the occupants are away from home. All they would need to do is cross-reference those GPS co-ordinates with geo-mapping tools to uncover the location.

In a research paper called 'Cybercasing the Joint: On the Privacy Implications of Geo-Tagging', lead researcher of the International Computer Science Institute, Gerald Friedland, said: "While users typically realise that sharing locations has some implications for their privacy, many are unaware of the full scope of the threat they face when doing so."

Friedlander notes, although most vendors and online services offer different levels of protection for controlling whether - and even with whom - this information is shared, most users are not aware that their files themselves contain location information in the first place.

He cited Apple's iPhone 3G that he said embeds high-precision geo-coordinates with all pictures and videos taken with its camera, unless specifically switched off.

However, publishing geo-location information is only part of the problem. The threat reaches a whole new level, he added, when other factors are taken into account. Firstly, the vast amounts of pictures and videos online make even a small relative percentage of location data enough to launch systematic privacy attacks.

Secondly, location-based search capabilities are freely available and allow everyone to sift through large volumes of geo-tagged data with little effort. Lastly, myriad location-based services and annotated maps make the correlation of findings across diverse independent sources child's play.

But is this new?

Chief security expert at Kaspersky Lab, Costin Raiu, says this is not new. He published a blog in July 2010 detailing this threat, and offered mitigation advice.

"I think the story is making the rounds again because now there a lot more smartphones and almost every new phone embeds GPS coordinates into photos by default. People are mostly unaware about such features and upload vacation photos and other photos taken with the mobile phone to online services for sharing with friends."

He suggests the problem is under the spotlight at the moment, because today, more people have smartphones, particularly smartphones with cameras and GPS functionality. Secondly, social media is a lot more active nowadays, and sharing in particular, a big phenomenon. "Fuelled by applications such as Instagram, everyone is taking photos with their mobile phone and uploading them."

Raiu said this increases the risk because cyber criminals are constantly monitoring online uploads for photos which could indicate a person's location, their home and other things which can be exploited.

He speculated that this will become an even bigger problem in the future. He said some sites, such as Facebook, remove GPS coordinates from the photos during the upload process. "I think more online photo sharing sites should follow suit, or limit the people who can see the EXIF [exchangeable image file format] data."

A culture of oversharing

Uri Rivner, VP of business development and cyber strategy at BioCatch, said people were shocked by the US's National Security Agency eavesdropping on their digital lives, asking what happened to privacy.

"But the digital world is no longer a private space, and the faster we realise it, the better. Young people share everything about their lives in social networks, check in and out of places so their exact movement is known; business people make their itineraries public so anyone can track their travels."

Rivner says there is a privacy cost attached to all of these, which people need to compare to the benefit. "I wouldn't say that sharing the geo-location of photos you've taken is the first thing that comes to my mind when I think about exposure."

Login with