Badges on Social Media

This has been an issue for several years and even as I scroll through my social media feeds, I still come across things like this:

Screen Shot 2018-08-30 at 2.15.46 PM.png

If you were to look at the comments at good ole Kermit’s request, you would see several selfies of people with their work IDs draped clearly across their necks. “What is the big deal?” As someone who specializes in gaining access to client facilities via social engineering and covert physical compromises, I can tell you that one of the first things I do when researching a target is check Instagram, LinkedIn and Facebook for pictures of employee, vendor and contractor badges. Oftentimes you will also find pictures of security guards posing at work, giving an attacker some insight into officer uniforms as well. It is amazing what all you can find with certain hashtags: anything from driver’s licenses to straight up, “Here is my work ID.”

One thing to consider is the quality of the pictures we have access to these days. Our smartphones take some great photos. A high-quality photo can expose sensitive information and give a would-be attacker a clear enough picture of a badge to help forge one.

You don’t need the data on the badge to replicate one and tailgate behind someone until you can get close enough to clone one (via Proxmark3 or whatever). When combing the internet for badges and IDs, you will often come across bar codes. Bar codes are always fun to scan with a generic smartphone bar code scanner app. Just last week I noticed a friend post a picture of her old school ID; the bar code was super clear, especially since the picture was in high definition. I scanned it and let her know that her full name and social security number were exposed to the public.

So, in short, if you really have to post that work selfie, your new or old ID, etc., make sure you scrub the image first. Blur or crop out information that could be sensitive. You could be the door that lets a criminal in, so make sure that door is locked! I would also recommend limiting your audience to just your friends and nothing more when sharing pictures on social media.

