Threat Intelligence Blog

Posted August 16, 2013

The Truth, The Hype and The Implications for Physical Security Teams

A number of our Cyber Intelligence and Cyber Threat Analysts have been discussing a video that’s been making the viral rounds on social media this past week.  The video, which is actually a three-year-old news clip from a Kansas City NBC affiliate, warns viewers about the dangers of the embedded GPS data appended to photos taken by many cell phones and some location-aware cameras, a technology known as geo-tagging.
cy-image-3

So, can a photo snapped with your iPhone or Android tablet really tell some creep where your kids play soccer, or go to school, or sleep?  Well, as Snopes.com, a Web site dedicated to debunking Internet rumors (sort of a “Mythbusters” for the Web”) has put it – TRUE.

It’s not quite as frightening as the story indicates, however.  A lot has happened in the three years since that story aired on television, most notably that Facebook and Twitter now often strip the geo-tag data out of photos posted to their sites.  This does not, however, alter the fundamental concern that photos taken with location aware devices like smartphones, tablets and many cameras are, by default, tagged with geo data, and the data remain attached to those files if you post, text, email or send them almost anywhere other than Facebook and Twitter.  (If this sounds a bit esoteric, any number of free tools, sites or a free Firefox plugin will allow you to view the “EXIF” meta data, including location, appended to the photo in two mouse clicks.)

cy-image-1This has, among other concerns, significant implications for the physical safety of high profile executives, officials and celebrities.  Many of these individuals, not to mention their security teams, can fail to recognize the risks when they, or (as often happens in our experience) their children, post photos and other information online that can reveal current or future locations, plans and travel itineraries.  A recent news article detailed how Michael Dell’s teenage daughter, and her habit of posting plans, locations and photos on social media undermined a multi-million dollar physical protection regime.

cy-image-2

In fact, many children of well-to-do families don’t realize the scrutiny and exposure to which they are subject now that every one of their acquaintances has a location-aware recording device – their smartphone – in their hand at all times.  There are entire web sites dedicated just to posting photos of wealthy kids (often misbehaving) for others to oggle, criticize or spread virally.  Many of those photos are not only time and date stamped, but geo-tagged as well.

So what advice do we have for executives, celebrities and other high-profile individuals, as well as the protection details that quite literally watch their backs?  Here are some simple tips:

  1. Understand what is reality and what is hype when it comes to the risks of geo-tagged photos on the Web and social media;
  2. Educate yourselves, your clients and/or your family about these concerns through cyber safety training programs; and
  3. Check the location or application specific settings in your smartphone and tablet to see which applications and tools are using geo-tagging.

Even if you’re not a high-profile figure, but are concerned about how much personal data is out there on your or your family and how it may be used, you can use a simple click to disable the geo-tagging on photos, while leaving the useful GPS feature available for maps, driving directions and other location-aware utilities.

 

Additional Posts

Increased DDoS Attacks

What They Mean to Enterprise Companies, and Best Practices for Mitigation  By Phil Annibale, ...

Google’s Bouncer and Apple’s Vetting Process May Not Be Enough to Stop Rogue Mobile Apps

This blog is an update to our recent post about security measures designed to help prevent rogue ...