A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report.
Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it.
The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it.
The person extracts the following data from the phone and EXIF data from some files: DCIM Images folder - Audio books folder - Torrentz - My TAX.xls - Consultancy HR Manual.doc - Camera: SM-G950F - Exposure time: 1/60s - Location: 3500 Lacey Road USA - Which of the following BEST describes the security problem?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
The best answer to this question is C. MicroSD in not encrypted and contains geotagging information.
The security consultant took pictures of a sensitive site for a security report, but also took pictures of other personal information on the phone, including a spreadsheet file containing tax information and a company HR manual. This means that the MicroSD card contains a mixture of personal and work-related data, as mentioned in option B, but that is not the main security problem.
The biggest issue with this scenario is that the MicroSD card is not encrypted and contains geotagging information. Geotagging is the process of adding geographical identification metadata to various media such as photos, videos, and audio recordings. The EXIF data extracted from the phone indicates that the pictures were taken at 3500 Lacey Road USA, which is the location of the sensitive site the security consultant was assessing. This means that the MicroSD card contains sensitive location information that could be used to target or compromise the site's security.
Additionally, the fact that the MicroSD card is not encrypted means that anyone who finds the phone and removes the card can easily access the data stored on it, including the sensitive location information. This makes it easy for a malicious actor to exploit this information to cause harm to the sensitive site or its occupants.
Option A is partially correct since the MicroSD card does contain personal information, but the main security issue is the lack of encryption and the geotagging information. Option D is incorrect because although the MicroSD card does contain some pirated software, this is not the main security issue.