Just to be clear, this post is not about a political agenda. It is about document metadata.
President-elect Obama released his official photo, the first of a president taken with a digital camera. The photographer is the new official White House photographer, Pete Souza. Take a look here. As a photography hobbyist, I’ve got to say, Mr. Souza does some nice work. But I suspect that there is more to this monumental technology occasion.
JPEG metadata!
Let’s analyze the photo with exiftool. First, let’s see if any interesting cropping has happened. Maybe he’s holding his beloved Blackberry? Let’s extract the thumbnail image:
exiftool -b -ThumbnailImage officialportrait.jpg > thumb.jpg
How about the preview image as well:
exiftool -b -PreviewImage officialportrait.jpg > preview.jpg
Unfortunately, nothing revealed here; the thumbnail exists and is the same as the original photo. The preview doesn’t exist and should give you an error when you try to open the output.
So let’s look deeper. If we examine the rest of the metadata we encounter other good info. Here’s the command:
exiftool -a -u -g1 -b officialportrait.jpg
Here is some of the output (shortened for readability):
---- ExifTool ----
ExifTool Version Number : 7.23
---- File ----
File Name : obama-officialportrait.jpg
Directory : .
File Size : 785 kB
File Modification Date/Time : 2009:01:15 10:12:02
File Type : JPEG
MIME Type : image/jpeg
Exif Byte Order : Big-endian (Motorola, MM)
Image Width : 1916
Image Height : 2608
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:4:4 (1 1)
---- IFD0 ----
Image Description : Official portrait of President-elect Barack Obama on Jan. 13, 2009...(Photo by Pete Souza)..
Make : Canon
Camera Model Name : Canon EOS 5D Mark II
Orientation : Horizontal (normal)
X Resolution : 300
Y Resolution : 300
Resolution Unit : inches
Software : Adobe Photoshop CS3 Macintosh
Modify Date : 2009:01:13 19:35:18
Artist : Pete Souza
White Point : 0.313 0.329
Primary Chromaticities : 0.64 0.33 0.3 0.6 0.15 0.06
Copyright : © 2008 Pete Souza
---- ExifIFD ----
Exposure Time : 1/125
F Number : 10.0
Exposure Program : Manual
ISO : 100
Exif Version : 0221
Date/Time Original : 2009:01:13 17:38:39
Create Date : 2009:01:13 17:38:39
...
---- Photoshop ----
Photoshop 0x0425 : ïıGâº%Årè.ë+ï¬nº
XML Data : (Binary data 6160 bytes, use -b option to extract)
...
---- XMP-xmpMM ----
Instance ID : uuid:1B3097C0FCDADD11A476FD2238D714AD
Document ID : uuid:1A3097C0FCDADD11A476FD2238D714AD
Derived From :
...
---- ICC-header ----
Profile CMM Type : ADBE
Profile Version : 2.1.0
Profile Class : Display Device Profile
Color Space Data : RGB
Profile Connection Space : XYZ
Profile Date Time : 1999:06:03 00:00:00
Primary Platform : Apple Computer Inc.
CMM Flags : Not Embedded, Independent
Now we have some interesting data! Date and time of creation and modification (about 2 days from shoot, through selection, proofing and retouch, to final version: the 13th to the 15th). An inappropriate 2008 copyright declaration for an item created in 2009? How about creation with Photoshop CS3 on a Mac? Camera type (and potential associated “connect” software)? That looks like a couple of vectors for client-side exploits there.
There are a few other goodies here that bear investigating, such as the unique uuids and the XML data from Photoshop (use the -b flag for exiftool).
So how would one deliver an exploit?
The data reveals the photographer (but we already knew that) and we know he’s the new official White House photographer. A Google search for “pete souza obama” gives you his website, and the Contact Info page gives you an e-mail address. Now we have a potential delivery method.
What do you think that folks will be e-mailing him about over, say, the next 4 years? That history-making photo? Chances are. Looks like we have something to talk about at that contact method.
But what about motivation for some? What are the chances, too, that the photographer will have his potentially compromised computer gear attached to networks with interesting information on them over the next 4 years? Sure, I’m sure the information on those networks is secure and segregated, but it only takes one person to make a mistake. We all know that mistakes happen.
Maybe this evolution to the digital White House is a good thing. I think that it will take a little bit of time before the new technology catches up with some of the older rules. The government already does a good job of redacting sensitive information from documents. I think that in the coming years they will need to look deeper.
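One way to look deeper before a photo is published, as an added example that is not part of the original post: a standard-library Python check that reports which of the metadata blocks seen in the exiftool output above (Exif, XMP, Photoshop/IPTC, ICC) a JPEG carries, and writes a copy without them. The function names and the constructed sample bytes are assumptions made for illustration.

```python
import struct

# marker byte -> [(payload prefix, label)] for metadata-bearing segments
KNOWN = {
    0xE1: [(b"Exif\x00\x00", "Exif"),
           (b"http://ns.adobe.com/xap/1.0/\x00", "XMP")],
    0xE2: [(b"ICC_PROFILE\x00", "ICC")],
    0xED: [(b"Photoshop 3.0\x00", "Photoshop/IPTC")],
}

def segments(data):
    """Yield (marker, start, end) for each header segment before SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("bad marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xDA:  # start of scan: compressed image data follows
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated segment at offset %d" % pos)
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def audit(data):
    """Return labels of the metadata blocks present, in file order."""
    return [label for marker, start, end in segments(data)
            for prefix, label in KNOWN.get(marker, [])
            if data[start + 4:end].startswith(prefix)]

def strip(data, drop=(0xE1, 0xED, 0xFE)):
    """Copy the file without APP1 (Exif, thumbnail, XMP), APP13 and comments."""
    out, tail = bytearray(data[:2]), 2
    for marker, start, end in segments(data):
        if marker not in drop:
            out += data[start:end]
        tail = end
    return bytes(out) + data[tail:]

def seg(marker, payload):  # helper to build the constructed sample below
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: realistic segment layout, not a decodable picture.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01")
          + seg(0xE1, b"Exif\x00\x00MM\x00\x2a") + seg(0xE1, b"http://ns.adobe.com/xap/1.0/\x00<x/>")
          + seg(0xED, b"Photoshop 3.0\x008BIM") + seg(0xE2, b"ICC_PROFILE\x00\x01\x01")
          + b"\xff\xda\x00\x02\x11\x22\xff\xd9")

if __name__ == "__main__":
    print(audit(SAMPLE), "->", audit(strip(SAMPLE)))
```

The ICC profile is kept by default because removing it changes how colors render; add 0xE2 to `drop` to remove it as well.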
We are entering interesting times. Be careful out there. You too Mr. Souza.