Rooting out hidden code in media files

Until recently, steganography -- the invisible insertion of messages into image files -- was more of an intellectual exercise employed in spy novels than a real threat to organizations that don’t handle sensitive information. 

In recent months, however, steganography has gotten more sophisticated.  The Gatak/Stegoloader malware, which emerged in 2015, for example, upped the ante by hiding not just messages but malicious code within an image file.

And a Polish researcher has just made public a way of extending the principles of steganography to music files. Krzysztof Szczypiorski, a professor at the Warsaw University of Technology, dubbed his algorithm “StegIbiza,” to connote steganography used with Ibiza dance music.  StegIbiza encodes data by varying the tempo of the music in ways inaudible to humans.

In August, EndGame, a security company based in Arlington, Va., announced that it had used simple image steganography to hide command-and-control messages in plain sight within images posted to the Instagram social media site.

“The kind of signal that we used in our proof of concept was the most bare-bones simple thing,” said Hyrum Anderson, EndGame’s principal data scientist. “The point was that even the easiest thing works, even on a big platform like Instagram. ‘Stego’ has an adversarial advantage -- it’s a lot easier to generate than it is to detect.”

EndGame’s proof-of-concept, Anderson said, basically argues that detecting the presence of steganography in files -- much less determining what is encoded -- is “maybe too hard.” 

Anderson recommends taking a different approach.  “Let’s do something to all the images that would -- if they happen to contain anything bad -- destroy that content without destroying the visual content of the image,” he said.

Fortunately, embedded steganography has an Achilles’ heel.  “Stego can be very sensitive to really small changes,” Anderson explained. And compression algorithms, which throw out bits of data not needed for presenting an image or audio file, effectively negate the hidden message.  “Every time an image comes in, let’s recompress it using a variation on its original compression,” he said.  “If a message were hidden in there, it would get shoveled in the process.”

Likewise, files can be automatically compressed before they leave an organization’s network, to guard against steganography being used to send sensitive data to third parties.
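The sanitize-everything approach described above, as an added example that is not code from the article or from EndGame's proof of concept. It assumes a simple least-significant-bit payload in a constructed grayscale pixel buffer, and uses coarse requantization as a standard-library stand-in for lossy recompression; a production sanitizer would re-encode with a real image codec.

```python
import random

def embed_lsb(pixels, payload):
    """Build the constructed test input: write payload bits into pixel LSBs."""
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("payload too large for cover")
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out

def extract_lsb(pixels, nbytes):
    """Read nbytes back out of the pixel LSBs, most significant bit first."""
    out = bytearray()
    for b in range(nbytes):
        byte = 0
        for px in pixels[b * 8:(b + 1) * 8]:
            byte = (byte << 1) | (px & 1)
        out.append(byte)
    return bytes(out)

def sanitize(pixels, step=4):
    """Lossy requantization: snap each pixel to the nearest multiple of step.
    Stand-in for recompression; it discards the low bits a payload relies on."""
    return [min(255, ((p + step // 2) // step) * step) for p in pixels]

def max_pixel_change(a, b):
    """Largest per-pixel difference, a rough proxy for visual damage."""
    return max(abs(x - y) for x, y in zip(a, b))

def demo():
    rng = random.Random(2016)
    cover = [rng.randrange(256) for _ in range(64 * 64)]  # constructed 64x64 image
    secret = b"constructed hidden payload"                # constructed sample data
    stego = embed_lsb(cover, secret)
    cleaned = sanitize(stego)
    return {
        "secret": secret,
        "before": extract_lsb(stego, len(secret)),    # payload readable
        "after": extract_lsb(cleaned, len(secret)),   # payload destroyed
        "max_change": max_pixel_change(stego, cleaned),
    }

if __name__ == "__main__":
    print(demo())
```

The sanitizer never tries to decide whether an image carries a payload; it is applied to every file, which is the point of the approach.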

Posted by Patrick Marshall on Aug 30, 2016 at 1:49 PM

