Fact Check

Smartphone Pictures Pose Privacy Risks

Warning that photos taken with your smartphone can provide others with the locations of the people pictured and allow hackers to clone your phone.

Published Aug. 12, 2013

Claim:

Claim:   Photos taken with your smartphone can provide others with the locations of the people pictured and allow hackers to clone your phone.


PARTLY TRUE


Example:   [Collected via e-mail, August 2013]


WARNING!!!! If you take photos with your cell phone

"Warning" If you, your kids or grand kids take pics from your phone — WATCH THIS!

This is truly alarming — please take the time to watch. At the end they'll tell you how to set your phone so you don't run this risk!

PLEASE PASS THIS INFO TO ANYONE YOU KNOW WHO TAKES PICTURES WITH THEIR CELL OR SMART PHONE AND POSTS THEM ONLINE.

I want everyone of you to watch this and then be sure to share with all your family and friends.

It's REALLY important info, about what your posting things on your cell phones can do TO YOU!!!

Too much technology out there these days so beware ...

PLEASE TAKE THE TIME TO WATCH THIS VIDEO, AND TAKE THE RECOMMENDED PRECAUTIONS.

If you have children or grandchildren you NEED to watch this. I had no idea this could happen from taking pictures on the blackberry or cell phone. It's scary.





 

Origins:   Digital photographic devices (e.g., digital cameras, smartphones, scanners) typically use a standard known as Exchangeable image file format (Exif) that specifies how additional informational data may be stored with images as they are created. When you snap a picture with your digital camera, you may also (depending upon the type of camera and its settings) be capturing information about the date and time you took the photo, the camera type and the settings you used to take

the picture, a description of the photograph, and copyright information. All of this information is stored as metadata in the same file that holds your photo.

One of the types of data that may be stored with images created by devices that use the Exif format is location information. Many mobile phones (and some digital cameras) now have built-in GPS receivers that can record precise information about where a picture was taken in the photograph's Exif header (commonly known as geotagging). When such photographs are shared with others (by posting them on the Internet, for example), it is possible that viewers can examine the Exif metadata stored with those images to find out information such as where the pictures were taken, and use tools that map the stored GPS information to specific locations (such as a particular house or school). This poses potential privacy and security issues, especially since some users may be completely unaware that their cameras are set up to store location information by default:



The storage of location based data, in the form of Latitude and Longitude inside of images is called Geotagging; essentially tagging your photograph with the geographic location. This data is stored inside if the metadata is JPEG images and is useful for tying the photograph to a location. Want to remember exactly where you took those photographs while on vacation? This information is for you.

However, most modern digital cameras do not automatically add geolocation (Latitude and Longitude) metadata to pictures. The process for adding the geolocation data either requires specialized add on hardware, or post processing with software on the desktop after the pictures are taken.

There is a large exception to this rule: Smartphones. With the proliferation of smart phones that contain GPS locator technology inside, the cameras in these devices are already equipped with the specialized hardware to automatically add geolocation information to the pictures at the time they are taken.

Most people don't realize that the action of automatic geotagging takes place on their smart phones, either because it is enabled by default, not exposed the user as an option, or was asked and then forgotten. As a result, individuals often share too much information about their location, right down to the exact Latitude and Longitude when snapping photos with their smartphone and posting them online.


However, this isn't really a "new" danger (the news video linked above is nearly four years old), and the potential for harm is much less now than it was when the story was originally reported.
Where and how you post your photographs on the Internet makes a big difference: If you put up photographs on the Internet by directly copying them to your own web site, then geotagging might be an issue you need to take heed of. But if you use one or more of the currently popular photo-sharing and social media web sites (such as Facebook and Twitter), geotagging is not much of an issue because those sites now automatically strip some or all of the Exif metadata from uploaded pictures in order to protect user privacy. (Other sites may leave Exif metadata intact or provide users with the option of whether or not to make the Exif information from their uploaded photos available to other viewers.)

Picture-takers have a number of ways of avoiding storing location information with their photographs or eliminating it from existing pictures. Turning off your device's GPS feature is the most straightforward way: if your camera or smartphone can't use GPS to determine where you are when you take a picture, it can't store that information with your photo. After the fact, you can use an Exif metadata editor to remove or change information stored with your photographs, or you can use a photo editor or converter program to save your photographs in a format that does not support Exif metadata.

A January 2014 variant warned that hackers could not only discern your location from posted smart phone photos, but they could use information embedded in those pictures to clone your cell phone:



Share this with everyone you know! Did you know that posting a screenshot
of your cellphone on Facebook leave you open to be a victim of IDENTITY
THEFT? Every cell phone has a graphic signature embedded in the pixels
that can be easily deciphered by hackers with a simple computer program. A
screenshot can yield a person's location
information, phone number and unique SIM card ID number. It's this last
bit of information that can allow hackers to easily CLONE YOUR PHONE and
then monitor all your text messages, numbers and addresses in your contact
list, and even any credit or bank transactions you make from that phone.
If you know someone who is posting screenshots of their cell phone,
forward this to them and warn them to STOP NOW.

We are unaware of any cell phone function that embeds information in photographs that would (by itself) allow hackers to clone the cell phone used to take those photos.

Last updated:   7 January 2014

David Mikkelson founded the site now known as snopes.com back in 1994.