Hiding Information in Plain Sight - Steganography

A very common theme in action movies is walking away with the stolen goods in plain sight. Although popular in movies, the subject of hiding information is often overlooked in information security. Here is an analysis of how easy it is to hide valuable information in harmless files.

The art and science of writing hidden messages in such a way that no-one apart from the sender and intended recipient even realizes there is a hidden message is known as Steganography
Generally, a steganographic message will appear to be something else: a picture, an article, a shopping list, or some other message. This apparent message is the covertext.

There are many ways to use steganography in electronic communications: A hidden text can be transported in an image, a music file, another text file, executable file or even in the TCP/IP stream.

Here is an example

The following text file is hidden within the image.
Below is the original image used for hiding the file - a standard test image also known as Lenna (a cropped image from a Playboy magazine centerfold picture of Lena Söderberg)

Below is the image of Lenna with the hidden file inside it. The only user-detectable difference is the file size. But to most users, this difference means nothing and you'll need to find the untampered image to make a comparison.

The tool
The above hiding process is completed with StegoShare. The tool is simple, straightforward and very efficient. Ofcourse, it is limited to hiding data in lossless compression images and cannot hide data in other types of files (audio, documents).

Risk Analysis
Although steganography is not widely discussed on security forums, it can be used to efficiently bypass security measures, and here is why

  • There is no straightforward detection method for finding hidden information in files unless you know exactly what you are looking for.
  • There are multitude of open source tools for steganography that run in user space - no need for installation on the computer
  • There are numerous channels by which a hidden file is able to transit (web, e-mail, usb, printout...)

Talkback and comments are most welcome


your "Health Assistant" said...

Happy Healthy New Year to you and your family!!!

DiabloHorn said...

Nice article, I lost the link to a paper describing a fairly simple defense against this kind of information smuggling. Basically it cuts all the low bits from images/audio/video files, cause since the person won't notice they are missing(just like they don't notice they are altered) the info also gets lost and hopefully nothing is smuggled out/in. in the case where steno is used to smuggle information out/in.

Jason said...

Great post! I have messed around with hiding files in pictures in the past. It's a pretty neat idea that most people don't know about.

robbinssabinamn said...

good After installing the software you can begin the applying snaptube on computer Andy emulator. open Snaptube would not frustrate its users, as it comes SnapTube Download PC nice.

harrymackay said...

good Videos on your machine. It is normally a no cost iphone app mobdro pc Enjoy free online video tutorial streaming on your Android/iPhone/iPad products. nice.

Festival Blog said...

nice post...!!! Happy Dussehra

Festival Blog said...

amazing Happy Dussehra Wishes
Happy Dhanteras Images
Karwa Chauth Images
happy diwali wishes

dunncandace said...

Great On the search rod type Tutu App apk download and harness on the search button. tutuapp ios the iphone app end user program is very convenient and receptive Nice.

HannahAMueller said...

Great your needs before you pay for it. If you like a Kodi Chromecast application in your Android Smart device or Fine.

Mobdro said...

Mobdro firestick Download

Ethel Graff said...

good to download and install for PC. Peggo allows you to http://peggoapp.com/ easy to set up. Much less memory called for saving the nice.

Designed by Posicionamiento Web