The Metadata of Politics: Obama’s official digital photo


Just to be clear, this post is not about political agenda. It is about document metadata.
President-elect Obama released his official photo, the first of a president taken with a digital camera. The photographer is the new official White House photographer, Pete Souza. Take a look here. As a photography hobbyist, I’ve got to say, Mr. Souza does some nice work. But I suspect that there is more to this monumental technology occasion.
JPEG metadata!
Let’s analyze the photo with exiftool. First, let’s see if any interesting cropping has happened. Maybe he’s holding his beloved BlackBerry? Let’s extract the thumbnail image:

exiftool -b -ThumbnailImage officialportrait.jpg > thumb.jpg

How about the preview image as well:

exiftool -b -PreviewImage officialportrait.jpg > preview.jpg

Unfortunately, nothing revealed here; the thumbnail exists and is the same as the original photo. The preview doesn’t exist and should give you an error when you try to open the output.
So let’s look deeper. If we examine the rest of the metadata we encounter other good info. Here’s the command:

exiftool -a -u -g1 -b officialportrait.jpg

Here is some of the output (shortened for readability):

---- ExifTool ----
ExifTool Version Number         : 7.23
---- File ----
File Name                       : obama-officialportrait.jpg
Directory                       : .
File Size                       : 785 kB
File Modification Date/Time     : 2009:01:15 10:12:02
File Type                       : JPEG
MIME Type                       : image/jpeg
Exif Byte Order                 : Big-endian (Motorola, MM)
Image Width                     : 1916
Image Height                    : 2608
Encoding Process                : Baseline DCT, Huffman coding
Bits Per Sample                 : 8
Color Components                : 3
Y Cb Cr Sub Sampling            : YCbCr4:4:4 (1 1)
---- IFD0 ----
Image Description               : Official portrait of President-elect Barack Obama on Jan. 13, 2009...(Photo by Pete Souza)..
Make                            : Canon
Camera Model Name               : Canon EOS 5D Mark II
Orientation                     : Horizontal (normal)
X Resolution                    : 300
Y Resolution                    : 300
Resolution Unit                 : inches
Software                        : Adobe Photoshop CS3 Macintosh
Modify Date                     : 2009:01:13 19:35:18
Artist                          : Pete Souza
White Point                     : 0.313 0.329
Primary Chromaticities          : 0.64 0.33 0.3 0.6 0.15 0.06
Copyright                       : © 2008 Pete Souza
---- ExifIFD ----
Exposure Time                   : 1/125
F Number                        : 10.0
Exposure Program                : Manual
ISO                             : 100
Exif Version                    : 0221
Date/Time Original              : 2009:01:13 17:38:39
Create Date                     : 2009:01:13 17:38:39
---- Photoshop ----
Photoshop 0x0425                : Ó¯ıG›%œrè.ë+finº
XML Data                        : (Binary data 6160 bytes, use -b option to extract)
---- XMP-xmpMM ----
Instance ID                     : uuid:1B3097C0FCDADD11A476FD2238D714AD
Document ID                     : uuid:1A3097C0FCDADD11A476FD2238D714AD
Derived From                    :
---- ICC-header ----
Profile CMM Type                : ADBE
Profile Version                 : 2.1.0
Profile Class                   : Display Device Profile
Color Space Data                : RGB
Profile Connection Space        : XYZ
Profile Date Time               : 1999:06:03 00:00:00
Profile File Signature          : acsp
Primary Platform                : Apple Computer Inc.
CMM Flags                       : Not Embedded, Independent

Now we have some interesting data! Date and time of creation and modification (about 2 days from shoot to selection, proofing and retouch to final version, the 13th to the 15th). Inappropriate 2008 copyright declaration for an item created in 2009? How about creation with Photoshop CS3 on a Mac? Camera type (and potential associated “connect” software)? That looks like a couple of vectors for client-side exploits there.
There are a few other goodies here that bear investigating, such as the unique UUIDs and the XML data from Photoshop (use the -b flag for exiftool).
So how would one deliver an exploit?
The data reveals the photographer (but we already knew that), and we know he’s the new official White House photographer. A Google search for “pete souza obama” gives you his website, and the Contact Info page gives you an e-mail address. Now we have a potential delivery method.
What do you think that folks will be e-mailing him about over, say, the next 4 years? That history-making photo? Chances are. Looks like we have something to talk about at that contact method.
But what about motivation for some? What are the chances that the photographer will have his potentially compromised computer gear attached to networks with interesting information on them over the next 4 years? Sure, I’m sure the information on those networks is secure and segregated, but it only takes one person to make a mistake. We all know that mistakes happen.
Maybe this evolution to the digital White House is a good thing. I think that it will take a little bit of time before the new technology catches up with some of the older rules. The government already does a good job of redacting sensitive information from documents. I think that in the coming years they will need to look deeper.
We are entering interesting times. Be careful out there. You too, Mr. Souza.
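
A pre-publication check for the "look deeper" point above, as an added example that is not part of the original post: it walks a JPEG's header segments, reports the EXIF, XMP and Photoshop blocks that exiftool displayed, and returns a copy without them. The function names and the SAMPLE bytes are constructed for illustration; removing the EXIF segment also removes the embedded thumbnail.

```python
import struct

# (marker, signature) pairs for the metadata groups exiftool listed above.
METADATA = {
    (0xE1, b"Exif\x00\x00"): "EXIF",  # IFD0, ExifIFD and the thumbnail
    (0xE1, b"http://ns.adobe.com/xap/1.0/\x00"): "XMP",  # XMP-xmpMM IDs
    (0xED, b"Photoshop 3.0\x00"): "Photoshop",  # Photoshop resource blocks
}

def segments(jpeg):
    """Yield (marker, payload, raw) for each header segment, ending at SOS."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"lost marker sync at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # SOS: entropy-coded image data runs to the end
            yield marker, b"", jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, jpeg[pos + 4:end], jpeg[pos:end]
        pos = end
    raise ValueError("truncated JPEG: no SOS segment")

def classify(marker, payload):
    """Return the metadata label for a segment, or None for anything else."""
    return next((lab for (m, sig), lab in METADATA.items()
                 if marker == m and payload.startswith(sig)), None)

def audit(jpeg):
    """List the metadata segments present, in file order."""
    return [lab for m, p, _ in segments(jpeg) if (lab := classify(m, p))]

def strip(jpeg):
    """Copy the file without EXIF, XMP and Photoshop segments (ICC is kept)."""
    return b"\xff\xd8" + b"".join(r for m, p, r in segments(jpeg) if not classify(m, p))

def seg(marker, payload):  # builds one segment for the constructed sample
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: header segments only, not a decodable image.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00") + seg(0xE1, b"Exif\x00\x00MM\x00*")
          + seg(0xE1, b"http://ns.adobe.com/xap/1.0/\x00<x/>") + seg(0xED, b"Photoshop 3.0\x00")
          + seg(0xE2, b"ICC_PROFILE\x00") + b"\xff\xda\x00\x02\xff\xd9")
```

On a real file, pass the bytes read in binary mode to audit() before release and to strip() if anything is reported, then confirm the result with exiftool.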

Larry Pesce

Larry’s core specialties include hardware and wireless hacking, architectural review, and traditional pentesting. He also regularly gives talks at DEF CON, ShmooCon, DerbyCon, and various BSides. Larry holds the GAWN, GCISP, GCIH, GCFA, and ITIL certifications, and has been a certified instructor with SANS for 5 years, where he trains the industry in advanced wireless and Industrial Control Systems (ICS) hacking. Larry’s independent research for the show has led to interviews with the New York Times with MythBusters’ Adam Savage, hacking internet-connected marital aids on stage at DEFCON, and having his RFID implant cloned on stage at Shmoocon. Larry is also a Principal Instructor and Course Author for the SANS Institute for SEC617: Wireless Penetration Testing and Ethical Hacking and SEC556: IoT Penetration Testing. When not hard at work, Larry enjoys long walks on the beach weighed down by his ham radio, (DE KB1TNF), and thinking of ways to survive the impending zombie apocalypse.