How Attackers Use Your Metadata Against You

February 14, 2009 – 8:47 AM

To steal your identity, a cybercriminal doesn’t have to have direct access to your bank account or other personal information. Often, he collects information about you from a variety of seemingly innocuous sources, then uses that data to map out a strategy to crack your online defenses and drain your accounts.

Such methods are well known to security professionals. But what those same professionals often overlook is that this approach can also be used to crack the defenses of sensitive business files. Rather than trying to gain access to your data itself, the bad guys are analyzing the so-called harmless information about your files — collectively known as metadata — and using it to develop attacks that can drain your business of its most sensitive information.

Metadata is a powerful feature of many document and file types, including Microsoft Office documents, PDFs, JPGs, ZIP files, and multimedia formats. Depending on the application and the file, metadata might contain information such as author names, user names, the version of the software used to create the file, the user’s operating system, and sometimes even the computer’s MAC address. Armed with this data, an attacker can develop exploits that might work not only on a specific file, but on all similar file types in an enterprise.

The same data lets an attacker target users, as well as the computing environment within their enterprises. Several instances of metadata mishaps have been in the news in recent years. In one case, attackers used data they collected from the “track changes” feature in Microsoft Word. In another case, they took advantage of failed attempts to black out data in PDF files.

These cases make it clear: Once your documents leave the internal network — either through email or Web publishing — those files and the metadata they contain are fair game for attackers.
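A pre-publication check for the kind of metadata described above, as an added example that is not from the original article: it opens a Word .docx (a ZIP package) and reports author and software properties plus any tracked changes still stored in the body. The function names and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, parse with defusedxml instead

NS = {"cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
      "dc": "http://purl.org/dc/elements/1.1/",
      "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
      "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main"}
W = "{%s}" % NS["w"]
# Package parts and the properties in them that name people or software.
FIELDS = {"docProps/core.xml": {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy"},
          "docProps/app.xml": {"application": "ep:Application", "app_version": "ep:AppVersion"}}

def audit_docx(data: bytes) -> dict:
    """Report identifying properties and leftover tracked changes in a .docx."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        for part in FIELDS.keys() & names:
            root = ET.fromstring(z.read(part))
            for label, path in FIELDS[part].items():
                el = root.find(path, NS)
                if el is not None and el.text:
                    found[label] = el.text
        if "word/document.xml" in names:
            body = ET.fromstring(z.read("word/document.xml"))
            # w:ins / w:del elements are what "track changes" leaves until accepted or rejected
            revs = [e for tag in ("ins", "del") for e in body.iter(W + tag)]
            found["tracked_changes"] = len(revs)
            found["revision_authors"] = sorted({e.get(W + "author") for e in revs} - {None})
    return found

def make_sample() -> bytes:
    """Constructed .docx with made-up names, so the check can be run offline."""
    parts = {
        "docProps/core.xml": '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s"><dc:creator>jdoe</dc:creator>'
                             '<cp:lastModifiedBy>asmith</cp:lastModifiedBy></cp:coreProperties>' % (NS["cp"], NS["dc"]),
        "docProps/app.xml": '<Properties xmlns="%s"><Application>Microsoft Office Word</Application>'
                            '<AppVersion>12.0000</AppVersion></Properties>' % NS["ep"],
        "word/document.xml": '<w:document xmlns:w="%s"><w:body><w:p>'
                             '<w:del w:id="1" w:author="asmith"><w:r><w:delText>old</w:delText></w:r></w:del>'
                             '<w:ins w:id="2" w:author="asmith"><w:r><w:t>new</w:t></w:r></w:ins>'
                             '</w:p></w:body></w:document>' % NS["w"],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()
```

Running `audit_docx(make_sample())` returns the two user names, the authoring application and version, and a count of two tracked changes; an empty result with `tracked_changes` at 0 is what a cleaned file should produce.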

Source:
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=214200389&cid=RSSfeed
