I was surprised when I cropped an image on Windows Phone, saved it, sent it via e-mail to a PC, and then downloaded it – and the thumbnail in the download folder was the one of original, not cropped image for a few seconds until finally it would refresh to the expected one.
Maybe I just don’t know something obvious, but because I couldn’t find any information on
image file thumbnail history,
jpg old thumbnail stored in file and similar searches, I think that while it may be a known functionality of some image formats, then surely not known widely enough by users. An unaware user might make a photo with private data, crop the private data out and send it to someone, and this private data can not only be possibly acquired from a thumbnail by the intended receiver, but the image may be traveling from hands to hands – there might be millions of images over the Internet which contain private information in old thumbnails.
Here’s some examples:
- A photo of an identity card can be watermarked for a specific company with a company’s name and a date, e.g.
Quizzacious Systems 2016/03/05, to confirm an identity of a player which forgot a password; if a support employee has evil intentions, he can take a previous thumbnail of the image, which has no watermark, and use it to confirm his identity as this person – thumbnails in extra large size actually have a comparable resolution with cheap cellphones and may be accepted as a proof of an identity at least by some companies.
- A photo of an identity card or anything else with some information censored out by black rectangles – everyone with minimum knowledge knows, that a black rectangle in some formats is not just another layer of data, but removes the original data behind it; at least that’s what I thought before discovering this vulnerability. It seems, however, that you can take a censored image and read censored data from it’s old thumbnail – the resolution might be too low for a scan of a sheet of paper, but it can be enough for something of a size of an ID.
- A photographic proof may be tested for authenticity by checking an old thumbnail and what was cropped out.
- A photo with nakedness can be censored or cropped and then get popular over the Internet.
So what I’m missing here? It seems a serious security vulnerability, something at least a common user should be well aware of, and yet I wasn’t. Microsoft answered on my e-mail:
this is not a valid vulnerability as this is by design. This functionality is also inline with cropping in Office.
However I was aware of that in case of MS Office (still many users might not be), and if you print the document to either paper or PDF the cropped data is lost; you can also use the “compress” feature and remove cropped parts of an image there. How to you deal with JPG files, though?
- Is there a tool to read old thumbnails of images?
- How to remove data from an image permanently?
- Is it just a single previous thumbnail or all previous thumbnails that are stored?
- Does it affect only thumbnails, or – as MS suggests – it works like in Office and whole original photo is stored in a file?
- Where can I read more about this issue/feature?