Emerging Tech

Rooting out hidden code in media files

Until recently, steganography -- the invisible insertion of messages into image files -- was more of an intellectual exercise employed in spy novels than a real threat to organizations that don’t handle sensitive information. 

In recent months, however, steganography has gotten more sophisticated.  The Gatak/Stegoloader malware, which emerged in 2015, for example, upped the ante by hiding not just messages but malicious code within an image file.

And a Polish researcher has just made public a way of extending the principles of steganography to music files. Krzysztof Szczypiorski, a professor at the Warsaw University of Technology, dubbed his algorithm “StegIbiza,” to connote steganography used with Ibiza dance music.  StegIbiza encodes data by varying the tempo of the music in ways inaudible to humans.

In August, EndGame, a security company based in Arlington, Va., announced that it had used simple image steganography to hide command-and-control messages in plain sight within images posted to the Instagram social media site.

“The kind of signal that we used in our proof of concept was the most bare-bones simple thing,” said Hyrum Anderson, EndGame’s principal data scientist. “The point was that even the easiest thing works, even on a big platform like Instagram. ‘Stego’ has an adversarial advantage -- it’s a lot easier to generate than it is to detect.”

EndGame’s proof-of-concept, Anderson said, basically argues that detecting the presence of steganography in files -- much less determining what is encoded -- is “maybe too hard.” 

Anderson recommends taking a different approach.  “Let’s do something to all the images that would -- if they happen to contain anything bad -- destroy that content without destroying the visual content of the image,” he said.

Fortunately, embedded steganography has an Achilles’ heel.  “Stego can be very sensitive to really small changes,” Anderson explained. And compression algorithms, which throw out bits of data not needed for presenting an image or audio file, effectively negate the hidden message.  “Every time an image comes in, let’s recompress it using a variation on its original compression,” he said.  “If a message were hidden in there, it would get shoveled in the process.”

Likewise, files can be automatically compressed before they leave an organization’s network, to guard against steganography being used to carry sensitive data out to third parties.
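The recompression defense Anderson describes, sketched as an added example (not EndGame's code or part of the original article): a least-significant-bit payload is read back intact from an image block, then lost after a lossy round trip that barely changes the pixels. The DCT-and-quantize step is a simplified stand-in for a real lossy codec, and the 8x8 block, the 64-bit payload and the step size `q` are constructed for illustration.

```python
import math
import random

N = 8  # JPEG-style 8x8 block
# Orthonormal DCT-II basis matrix
C = [[math.sqrt((1 if k == 0 else 2) / N) * math.cos((2 * n + 1) * k * math.pi / (2 * N))
      for n in range(N)] for k in range(N)]

def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(N)) for j in range(N)] for i in range(N)]

def transpose(m):
    return [list(col) for col in zip(*m)]

def recompress(block, q=12):
    """Lossy round trip: DCT, quantize every coefficient to step q, inverse DCT."""
    coeffs = matmul(matmul(C, block), transpose(C))
    coeffs = [[round(c / q) * q for c in row] for row in coeffs]  # detail below q/2 is dropped
    pixels = matmul(matmul(transpose(C), coeffs), C)
    return [[min(255, max(0, round(v))) for v in row] for row in pixels]

def embed_lsb(block, bits):
    """Test fixture: overwrite each pixel's least significant bit with one payload bit."""
    it = iter(bits)
    return [[(p & ~1) | next(it) for p in row] for row in block]

def extract_lsb(block):
    return [p & 1 for row in block for p in row]

def bit_accuracy(a, b):
    return sum(x == y for x, y in zip(a, b)) / len(a)

def mean_abs_diff(a, b):
    return sum(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb)) / (N * N)

# Constructed sample data: a smooth gradient block and a pseudo-random 64-bit payload
COVER = [[100 + 4 * i + 2 * j for j in range(N)] for i in range(N)]
_rng = random.Random(2016)
BITS = [_rng.getrandbits(1) for _ in range(N * N)]
STEGO = embed_lsb(COVER, BITS)
CLEAN = recompress(STEGO)  # what the gateway would forward

if __name__ == "__main__":
    print("payload intact before recompression:", extract_lsb(STEGO) == BITS)
    print("bits matching after recompression:", bit_accuracy(extract_lsb(CLEAN), BITS))
    print("mean pixel change (0-255 scale):", mean_abs_diff(STEGO, CLEAN))
```

A bit-match rate near 0.5 means the extracted bits are no better than coin flips, while the mean pixel change stays at a few gray levels out of 255.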

Posted by Patrick Marshall on Aug 30, 2016 at 1:49 PM
