Just to be clear, this post is not about political agenda. It is about document metadata.
President Elect Obama released his official photo; the first of a president taken with a Digital camera. The photographer is the new official White House photographer, Pete Souza. Take a look here. As a photography hobbyist, I've got to say, Mr. Souza does some nice work. But I suspect that there is more to this monumental technology occasion.
Let's analyze the photo with exiftool. First, let's see if any intersting cropping has happened. Maybe he's holding his beloved Blackberry? Let's extract the Thumbnail image:
exiftool -b -ThumbnailImage officialportrait.jpg > thumb.jpg
How about the Preview image as well:
exiftool -b -PreviewImage officialportrait.jpg > preview.jpg
Unfortunately, nothing revealed here; the thumbnail exists and is the same as the original photo. The preview doesn't exist and should give you an error when you try to open the output.
So let's look deeper. If we examine the rest of the metadata we encounter other good info. Here's the command:
exiftool -a -u -g1 -b officialportrait.jpg
Here is some of the output (shortened for readability):
---- ExifTool ----
ExifTool Version Number : 7.23
---- File ----
File Name : obama-officialportrait.jpg
Directory : .
File Size : 785 kB
File Modification Date/Time : 2009:01:15 10:12:02
File Type : JPEG
MIME Type : image/jpeg
Exif Byte Order : Big-endian (Motorola, MM)
Image Width : 1916
Image Height : 2608
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:4:4 (1 1)
---- IFD0 ----
Image Description : Official portrait of President-elect Barack Obama on Jan. 13, 2009...(Photo by Pete Souza)..
Make : Canon
Camera Model Name : Canon EOS 5D Mark II
Orientation : Horizontal (normal)
X Resolution : 300
Y Resolution : 300
Resolution Unit : inches
Software : Adobe Photoshop CS3 Macintosh
Modify Date : 2009:01:13 19:35:18
Artist : Pete Souza
White Point : 0.313 0.329
Primary Chromaticities : 0.64 0.33 0.3 0.6 0.15 0.06
Copyright : ¬© 2008 Pete Souza
---- ExifIFD ----
Exposure Time : 1/125
F Number : 10.0
Exposure Program : Manual
ISO : 100
Exif Version : 0221
Date/Time Original : 2009:01:13 17:38:39
Create Date : 2009:01:13 17:38:39
---- Photoshop ----
Photoshop 0x0425 : Ó\¯ıG›%œrè.ë+ﬁnº
XML Data : (Binary data 6160 bytes, use -b option to extract)
---- XMP-xmpMM ----
Instance ID : uuid:1B3097C0FCDADD11A476FD2238D714AD
Document ID : uuid:1A3097C0FCDADD11A476FD2238D714AD
Derived From :
---- ICC-header ----
Profile CMM Type : ADBE
Profile Version : 2.1.0
Profile Class : Display Device Profile
Color Space Data : RGB
Profile Connection Space : XYZ
Profile Date Time : 1999:06:03 00:00:00
Profile File Signature : acsp
Primary Platform : Apple Computer Inc.
CMM Flags : Not Embedded, Independent
Now we have some interesting data! Date and time of creation and modification (about 2 days from shoot, to selection, proofing and retouch to final version the 13th to the 15th). Inappropriate 2008 copyright declaration for an item created in 2009? How about creation with Photoshop CS3 on a Mac? Camera type (and potential associated "connect" software)? That looks like a couple of vectors for client side exploits there.
There are a few other goodies here the bear investigating, such as the unique uuids and the XML data from photoshop (use the -b flag for exiftool).
So how would one deliver an exploit?
The data reveals the photographer (but we already knew that) and we know he's the new official White House photographer. A Google search for "pete souza obama" give you his website, and the Contact Info page gives you an e-mail address. Now we have a potential delivery method.
What do you think that folks will be e-mailing him about over, say the next 4 years? That history making photo? Chances are. Looks like we have something to talk about at that contact method.
But what about motivation for some? What are also the chances that the photographer will have his potentially compromised computer gear attached to networks with interesting information on them over the next 4 years? Sure, I'm sure the information on those networks is secure and segregated, but it only takes one person to make a mistake. We all know that mistakes happen.
Maybe this is evolution to the digital White House is a good thing. I think that it will take a little bit of time before the new technology catches up with some of the older rules; The government already does a good job of redacting sensitive information from documents. I think that in the coming years they will need to look deeper.
We are entering interesting times. Be careful out there. You too Mr. Souza.