Flame malware uses geotags to pinpoint photo location
By Stewart Mitchell
Posted on 31 May 2012 at 09:55
The Flame malware attack that has hit the Middle East and has been touted as a cyber espionage weapon can hunt down location information in pictures, according to one security expert.
Flame has been dubbed the biggest cyber espionage discovery since the Stuxnet attack that targeted Iran's nuclear programme, and location data could be a key payload for the malware's creators.
Weapons company BAE Systems has been studying the code and discovered that among other snooping capabilities, Flame can find and extract exact geolocation data of where photographs were taken and potentially reveal the location of the infiltrated system.
“This particular DLL component of the Flame threat is designed to locate various files in the system, read their contents and populate the SQL database with the file contents and characteristics,” said Sergei Shevchenko on the company's Stratsec research blog.
“In addition, this file is capable of collecting geographical identification metadata that may be present in the files it inspects.”
The research highlighted how many popular phones and cameras used either GPS or Wi-Fi location data to tag images.
“Retrieving the geotagging data allows this Flame component to find GPS coordinates of the location where the pictures were taken, or with some statistical probability, where the compromised system is (has been) located,” Shevchenko said.
The component was also able to locate Office, PDF and AutoCAD files and extract details such as when files were created and the author, Shevchenko said.