Previously I discussed my concerns over EXIF privacy, specifically the part where GPS information is tagged into photos / pictures taken.
Today I had a haunting (but creative :D) thought: what would happen if you were to use the GPS information for hacking?
Let me paint a picture. You are hosted on a photo-sharing website, on which you keep yourself quite private by disclosing just your email address and photos. I see that your photos have EXIF GPS information embedded, so I extract this information, proceed to your email provider's webpage and arrange to reset your password. The security question asked would be ‘What is your town of birth?’. Using the GPS information provided (and by dropping this into something such as Google Maps), I have a pretty good guess as to where this would be.
Now yes, this is not 100%, as people do move, but why provide the opportunity for an attacker to get a foothold?