In recent years it has been noticeable that the amount of people carrying a smart phone has increased exponentially. This is down to their low price and availability; even children as young as 12 have a smart phone. However, most people who own a smart phone are not aware of the data hidden in even the simplest and most innocent things they do on their phones. This includes armed forces staff. This article will look at the issues and possible repercussions of the availability of such easily obtained data.
Let’s consider a scenario: in this case an armed forces staff member is on patrol. they take a picture of themselves and upload it to a social media. Their personal profile on this site is not secured or has limited access that allows anyone to view their photos. A militant group happens to be doing some research on their “enemy”. They use advanced search on Google then happen use the correct collection of words or phrases, and just happens to find this picture. What could possibly happen?
First off, the basics:
What is a geotag?
The method of geotagging is the addition of geographical data into the meta data of an object, in this case a picture that has been taken by armed services personnel.
A geotag on a photograph from an Iphone, for example, captures the GPS coordinates of the location it was taken using Longitude and Latitude.
Obtaining geotag information
Using free tools that are widely available on the internet it can take seconds to reveal the geotag information. It requires very little effort and absolutely no training. Ideal for militant groups who would want to find this information relatively quickly.
Below is an example and for this example I will be using a picture of the blue ball in snooker, but imagine this photo was a team photo taken in a base on foreign soil.
Here I’m using Evigator’s TAGView software
(available @ http://www.evigator.com/)
1 – Locate the image and open it using the Open Image Icon.
2 – Press Open
3 – The Image will be analysed and you will have a screen similar to below:
4 – Sample data from the analysed picture.
As you can see from the above, highlighted is the geotag data & various information about the device the picture was taken on. Also note the mapped location of where it was taken. To get this information was less than 3 seconds once loaded into the program.
Security Risks & Repercussions
So what are the security risks? Well, as already pointed out the information could reveal any number of things: barracks, bases, patrol points or even patrol patterns. This information not only puts the staff member who uploads the pictures in danger but their entire deployment group.
Potential death is not the only issue, with profiles being insecure it could lead to that one member being profiled by the militant group, this then leading to potential blackmail, kidnap or endangering family members.
What should the armed forces be doing?
There are many things the armed forces could be doing. The key thing to do is offer the training necessary to remind their staff of the issues of geotags and smart phones. They could put a ban on any personal phones completely. However, some service men and woman would still find a way to take them into active duty.
A one hour basic training session that shows the dangers is all that is needed. The session could cover basic security settings of their social networking profiles and turning off the location services on any of their devices.
A one hour session could be the difference between life and death in most cases during deployment.
This article has been geared towards the idea of militant groups, however its not just militant groups, it could be anyone; stalkers, thieves, even an enraged ex could use these techniques.
Part 2 will be released soon.
A very interesting read thanks.
Hi Ben, Thanks for the comment and I’m glad you found it interesting. As you could tell this was all purely theoretical. If you are interested I may be writing another article soon hopefully with David Benford that shows just how easy this information is obtained using a case study.
Larger social media sites like Facebook, Twitter and LinkedIn strip EXIF data out of the pictures that are uploaded to them. I’m not sure about other sites like MySpace or Tumblr.
Hi, Thanks for your comments, I am aware Facebook, LinkedIn and various other sites do a lot to remove the exif data.
Im currently in the process of writing part two using a case study / studies keep an eye out for that soon. Hopefully in the next few weeks or so.
Amazing article keep it up, very interesting
Hi SJ, Thanks for the kind words. Part 2 is taking a little longer than expected I must admit. However i am looking at taking this article in a new direction whilst working with a local Zoo. Keep checking back im always looking at new ideas for articles. Hopefully some co-written ones will be coming soon too.
Hi there,
An interesting article on geotags on mobile devices. Actually, i was in a middle of researching relating to geodata in the mobile technology until I discovered this interesting article. Well, I’ve never heard of Tagview app till now, and I was quite surprise that even apps could able to track down the geographical co-ordinates based on the files or images.
Hi Danial,
Thank you for your kind words. They are very much appreciated. If you ever want to ask any questions please feel free to message me through ForensicFocus. I will be more than happy to help where i can.
Hi Ashley,
You’re welcome, and I’ve dropped you a PM relating to my research area of geodata. You can reply whenever you can. Thank you.
Hi Ashley,
I just want to let you know that I’ve replied your PM that you’ve send and I’m not sure that you’ve received a notification from my previous PM reply.
Thanks.