
Our devices are spilling our secrets

By Jake Edge
August 1, 2007

Recent news about a certain much-anticipated work of fiction being posted to the internet, in advance of its scheduled release, was not terribly surprising. The method used was, perhaps, a bit crude, and certainly time consuming, but it got the job done. Unbeknownst to the anonymous poster, their camera helpfully provided some extra information that might be used to track them down. Our devices are collecting all kinds of data about our habits and they are increasingly divulging that data in unexpected ways.

In the case of the Harry Potter book, the camera serial number was recorded in the Exchangeable image file format (Exif) data of the JPEG files of each page. Based on that information, Canon, the camera's manufacturer, may be able to match the camera to its original purchaser. If the camera has been serviced in the three years since it was released, that would also create an entry matching the serial number to the owner at that time. Neither of those conclusively links a person to the "crime", if it even is a crime, but they could give any investigators a good place to start.

It could have been a lot worse - some camera models have GPS built in, with Exif fields available to store the coordinates of each shot. Perhaps the photo shoot happened deep enough inside some building that the GPS would not work, but over the hours it took to do that project, it seems quite possible that at least one shot would get tagged. It would be pretty easy to track down where the photos were taken if some were tagged with latitude and longitude coordinates. If it did not bring the police around, it certainly might have brought legions of Potter fans, eager to acquire the book early.

GPS data encoded into each photograph that you take is a useful feature, keeping track of where the photos were taken some years down the road after (human) memory has failed. The other Exif data, much of which is detailed information about camera settings, is probably quite useful to photographers and is much simpler than trying to keep a record of exposure settings as you take pictures. Gathering and storing the data is quite helpful; it is the unexpected disclosure that causes problems.
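To make the disclosure concrete, here is an added example (not from the article): a minimal Exif walker that reports the identifying tags in a JPEG (Make, Model, a body serial number, GPS latitude) and a scrubber that cuts the Exif segment out before the file is posted. It assumes the serial number lives in the standard BodySerialNumber tag (0xA431) rather than a vendor MakerNote, and builds its own constructed sample JPEG rather than reading a real photo.

```python
import struct

# Exif tags that identify the device or its location, keyed by the IFD holding them
# (BodySerialNumber is Exif 2.3's tag, an assumption; older cameras used MakerNotes).
SENSITIVE = {("IFD0", 0x010F): "Make", ("IFD0", 0x0110): "Model",
             ("Exif", 0xA431): "BodySerialNumber", ("GPS", 0x0002): "GPSLatitude"}
SUB_IFDS = {0x8769: "Exif", 0x8825: "GPS"}  # IFD0 pointer tags to the sub-IFDs
EXIF_HDR = b"Exif\x00\x00"

def _segments(jpeg):
    """Yield (marker, start, end) for each marker segment before start-of-scan."""
    pos = 2  # skip SOI
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)  # counts itself
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length
def sensitive_tags(jpeg):
    """List identifying Exif tags in a JPEG: what to scrub before posting it."""
    found = []
    for marker, start, end in _segments(jpeg):
        if marker != 0xE1 or jpeg[start + 4:start + 10] != EXIF_HDR:
            continue
        tiff = jpeg[start + 10:end]
        bo = "<" if tiff[:2] == b"II" else ">"  # TIFF byte-order mark
        todo = [("IFD0", struct.unpack_from(bo + "I", tiff, 4)[0])]
        while todo:  # walk IFD0, then the Exif and GPS sub-IFDs it points to
            name, off = todo.pop()
            for i in range(struct.unpack_from(bo + "H", tiff, off)[0]):
                tag, _, _, val = struct.unpack_from(bo + "HHII", tiff, off + 2 + 12 * i)
                if name == "IFD0" and tag in SUB_IFDS:
                    todo.append((SUB_IFDS[tag], val))
                elif (name, tag) in SENSITIVE:
                    found.append(SENSITIVE[(name, tag)])
    return found
def strip_exif(jpeg):
    """Return the JPEG with every Exif APP1 segment cut out; pixel data is untouched."""
    for marker, start, end in _segments(jpeg):
        if marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_HDR:
            return strip_exif(jpeg[:start] + jpeg[end:])  # rescan: there may be more
    return jpeg
def _ifd(entries):  # little-endian IFD of (tag, type, count, value) entries, no successor
    return struct.pack("<H", len(entries)) + b"".join(struct.pack("<HHII", *e) for e in entries) + bytes(4)
def sample_jpeg():
    """Constructed input: SOI, one Exif APP1 with Make, a serial and a GPS latitude, EOI."""
    exif_off, gps_off, data = 50, 68, 86  # IFD0 is 42 bytes from offset 8, sub-IFDs 18 each
    tiff = (b"II*\x00" + struct.pack("<I", 8)
            + _ifd([(0x010F, 2, 4, data), (0x8769, 4, 1, exif_off), (0x8825, 4, 1, gps_off)])
            + _ifd([(0xA431, 2, 8, data + 4)]) + _ifd([(0x0002, 5, 3, data + 12)])
            + b"Cam\x00SN-0001\x00" + struct.pack("<6I", 51, 1, 30, 1, 0, 1))  # 51 deg 30' 0"
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(tiff) + 8) + EXIF_HDR + tiff + b"\xff\xd9"
```

The sample is not a decodable picture, only the marker and IFD skeleton the functions need; on a real file the same calls report and remove the camera's own tags.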

It would be easy to ignore this problem, writing it off as the fault of an ignorant user who should have scrubbed the Exif data before posting, but the problem comes in other guises as well. The US Secret Service evidently wants to be able to track your printer output, presumably as part of its anti-counterfeiting responsibilities, so it has convinced laser printer manufacturers to secretly add the now-famous yellow dots to each color page that is printed. Some of these codes have been cracked by the Electronic Frontier Foundation (EFF) and others, and have been found to contain model and serial numbers along with a timestamp of the print time.

It is much harder to blame ignorant users when the device manufacturer actively tries to hide the fact that identifying information is being leaked. Worse yet, it appears that inquiring about this practice and asking how to turn it off can lead to a visit from the Secret Service. There is nothing quite like a visit from a federal agent to stifle dissent. The folks at Seeing Yellow have lots more information, including a plan to overwhelm the agency through sheer numbers of people asking how to turn this "feature" off.

Imagine a world where the government required each person to carry a device that knew its location via GPS, could take pictures, and had wireless connectivity. It is a scenario that would be ripe for abuse. In many ways, lots of people already, voluntarily, live in that world, as cell phones have all those characteristics. It is not inconceivable that the cell phone manufacturers have already had a visit from the Department of Homeland Security (DHS) or some other three-letter agency of the government, asking for help in the "War on Terror." The devices are certainly capable of reporting location (possibly with a helpful photo of people in the vicinity) back to the carrier and through them to the DHS. Probably, hopefully, that is not (yet?) happening, but there is no real technical barrier.

If we ratchet the paranoia level down a notch, cell phones, in particular smart phones, still pose an enormous target for the criminal world. Subverting phones that have cameras and GPS to run them under the control of an attacker makes an incredible surveillance tool. By using the same kinds of techniques that are used to spread viruses and spyware today, it should not be difficult to get targets to willingly perform actions that will lead to the subversion of their phone. From there, the attacker can get all of the call records, photos, calendar items and contacts while directing the phone to transmit its location every minute to the attacker.

Not only could this kind of information be used by stalkers, muggers and other criminals, this same capability could be used by lovers or employers to track people, keeping tabs on their movements and contacts. Rather than hire a private investigator, a jealous husband or wife might just borrow the other's phone, surf to a spyware site, and install a tracking program themselves. The opportunities are endless and exceedingly frightening for anyone concerned about privacy in today's world.

There are no easy answers on how to protect oneself against these unintentional data leaks. The organizations and individuals interested in collecting the data are doubly interested in concealing the fact that they are doing it, but, worse still, it is difficult for users to detect. If a cell phone is sending a short burst of encrypted information every minute, how would the average user, or even a sophisticated lab, detect and decode that data? If someone had not stumbled upon the yellow dots, we might be printing traceable documents, in blissful ignorance, to this day. What other, similar kinds of tracking are going on that we do not yet know about?

Free software can certainly help with this problem, but it is no panacea. Being able to replace the software in a device with code that can be scrutinized and built before installing is a good way to know what the device will do. Getting code that is vouched for by a trusted group also serves to alleviate privacy leakage concerns. That is not the end of the story, unfortunately, as the hardware itself may be the culprit. Laser printer hardware is likely responsible for the identifying information in the output, making it rather difficult to replace. It is extremely difficult to know what the hardware in other devices might be doing behind our backs.

The truly paranoid will not be willing to trust any hardware they did not build themselves, perhaps from individual transistors, while trying to figure out how to trust the compiler. For the rest of us, open platforms, like OpenMoko, with free software and hardware, may provide reasons to believe that our data is protected; unless, of course, the device gets stolen or lost - encryption anyone?



Our devices are spilling our secrets

Posted Aug 2, 2007 2:37 UTC (Thu) by freemars (subscriber, #4235)

Add to the list smart cards paying for toll roads, bridges, subways... which are often 'charged up' with a credit card.

There is much to be said for pay-as-you-go cell phones, paid for in cash, with additional minutes paid for in cash. They're marketed for pre-teens, but useful to privacy buffs.

Our devices are spilling our secrets

Posted Aug 2, 2007 5:10 UTC (Thu) by jamesh (guest, #1159)

Prepaid SIM cards are not untraceable everywhere. When I bought my first phone on a prepaid plan, they needed to see a drivers license or passport before selling it to me. They then recorded the serial number along with the number from my ID. This is a government requirement in Australia.

Our devices are spilling our secrets

Posted Aug 2, 2007 3:36 UTC (Thu) by mattdm (subscriber, #18)

All digital cameras have built-in "yellow dots", because the noise pattern from each individual sensor is like a fingerprint. It's only a matter of time before this becomes a privacy issue.

Our devices are spilling our secrets

Posted Aug 2, 2007 4:04 UTC (Thu) by ncm (subscriber, #165)

... if in fact it hasn't already. There's nothing to prevent camera (and cellphone) manufacturers from recording the fingerprint of each device before shipping it, and they could have been doing it for years already.

I wonder to what degree resampling obscures the fingerprint.

Our devices are spilling our secrets

Posted Aug 9, 2007 9:41 UTC (Thu) by pimlottc (guest, #44833)

Very interesting, I hadn't heard this before. But I imagine it would require a decent number of images to be analyzed (granted, not a problem in the Harry Potter case). And I'd guess it would be very easy to alter the fingerprint with a few simple GIMP/Photoshop filters.

exif the "dna" of photographs? huh?

Posted Aug 2, 2007 18:18 UTC (Thu) by nettings (subscriber, #429)

i just wondered exactly how clueless that canon guy quoted in the times online article is...

"Every image that is taken on a digital camera contains Exif data, which holds information about the picture such as zoom, contrast, focus and 'distance to subject' measurements. It is typically used for 'trouble-shooting', so an owner can ascertain why a picture may not have worked, but it also enables a court, for instance, to establish whether a picture has been digitally altered. 'The Exif data is like the picture's DNA; you can't switch it off. Every image has it. Some software can be used to strip or edit the information, but you can't edit every field,' Mr Solomon said."

afaik, there is no cryptographic hash involved in exif data, right? and even if it were, tamper-evidence would require a private vendor key in the camera which is certainly easy to extract and fake... so are these people really propagating the assumption that people will not be able to edit a couple of more-or-less plaintext fields?

reminds me of our innenminister's latest coup: the online search warrant that basically enables the feds to place a trojan on my computer. strikes me as profiling: we only go after those people too stupid to take simple and obvious countermeasures... i knew these linux users have something to hide....

exif the "dna" of photographs? huh?

Posted Aug 4, 2007 19:26 UTC (Sat) by giraffedata (subscriber, #1954)

Right. EXIF does not include any kind of signature.

Canon's Solomon probably is clueless about EXIF, but his point is somewhat valid. While it's true that a Linux hacker can make the EXIF tags say whatever he wants, there probably is not a widely available, easy to use EXIF editor for Windows, which means the vast majority of pictures taken will make it to court with a valid modification datetime tag.

Though a court can't use the EXIF data as absolute proof in favor of the guy who submitted the photograph, it can use it as absolute proof against him.

Our devices are spilling our secrets

Posted Aug 2, 2007 20:28 UTC (Thu) by dmarti (subscriber, #11625)

The biggest threat would be a jealous spouse or lover who works for Homeland Security and abuses his or her privileged access. (DMV employees have been busted doing personal record searches.)

So the lesson is: Just to be on the safe side, never date anyone who works for Homeland Security.

Our devices are spilling our secrets

Posted Aug 2, 2007 20:39 UTC (Thu) by smoogen (subscriber, #97)

or date anyone who works for any federal government agency (DHS is probably less likely to have done the visit than say Treasury/FBI/DOD), any state agency (DMV as you mentioned can do similar things in many states)... or anyone who works for a credit card tracking company as they are the real beneficiaries and probably collecting the information quite legally because people sign away so much when they get a bank account, credit card, etc... or the phone company or a billion other places.

Every day I see Scott McNealy is truer and truer...

http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/arc...

Q: A couple of years ago you made some comments about privacy -- and the lack thereof -- that were widely printed. That was amazingly pre-Patriot Act and pre-9/11. Do you stick by that notion? Should we not be worried about having lost all our privacy?

A: I never said that, did I?

Q: You said, "You already have no privacy."

A: I said, "You have no privacy. Get over it."

Q: What did you mean by that?

A: The point I was making was someone already has your medical records. Someone has my dental records. Someone has my financial records. Someone knows just about everything about me.

Gang, do you want to refute my statement? Visa knows what you bought. You have no privacy. Get over it. That's what I said.

DHS?

Posted Aug 3, 2007 0:32 UTC (Fri) by ccyoung (guest, #16340)

remember most of DHS data mining is subbed out. a Halliburton date is probably much more dangerous - govt employees have rules, private company employees not so much.

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds