What is EXIF Data?
You’ll hear this term thrown around a lot when talking about website penetration testing and data exposure. It seems people want to just toss the acronym around but not actually explain what it is (maybe they don’t know what it means).
EXIF – Exchangeable Image File Format
Confusing? No, not really.
Example: You take a picture or video with a device (phone, camera, etc.).
By default, the manufacturer writes some default EXIF data, and depending on the device’s settings (if you can input a name, etc.), that information is included in the image as text behind the scenes. To see it, you have to view this metadata with a tool on your PC.
It is used as an archaic way of determining who the copyright owner may be: say you download an image off the web and put it on your website without modifying this EXIF data; it could be exposed and used to show you stole it. It is really no longer used for that, however. And yes, this information can be changed, so it’s not that accurate in that regard, but most people don’t know EXIF data exists or what it is, so they don’t readily change it.
EXIF Data can contain GPS coordinates
As of 2014, most devices that take images will record the geolocation of where the image was taken. Imagine uploading a bunch of photos containing this to a social site: you share them, and now people can extract that data to see exactly when and where you were (or are) when the picture was taken.
Curious to see some of the Exif data on images/video your phone stores?
You can upload images and videos to Thexifer.net and it will spit out the metadata for you.
Want to stay safer on the web and edit your EXIF information before uploading a file?
Here’s a detailed tutorial on how to edit an image’s metadata in Windows 10.