Emerging Tech

Rooting out hidden code in media files

Until recently, steganography -- the invisible insertion of messages into image files -- was more of an intellectual exercise employed in spy novels than a real threat to organizations that don’t handle sensitive information. 

In recent months, however, steganography has gotten more sophisticated.  The Gatak/Stegoloader malware, which emerged in 2015, for example, upped the ante by hiding not just messages but malicious code within an image file.

And a Polish researcher has just made public a way of extending the principles of steganography to music files. Krzysztof Szczypiorski, a professor at the Warsaw University of Technology, dubbed his algorithm “StegIbiza,” to connote steganography used with Ibiza dance music.  StegIbiza encodes data by varying the tempo of the music in ways inaudible to humans.

In August, EndGame, a security company based in Arlington, Va., announced that it had used simple image steganography to hide command-and-control messages in plain sight within images posted to the Instagram social media site.

“The kind of signal that we used in our proof of concept was the most bare-bones simple thing,” said Hyrum Anderson, EndGame’s principal data scientist. “The point was that even the easiest thing works, even on a big platform like Instagram. ‘Stego’ has an adversarial advantage -- it’s a lot easier to generate than it is to detect.”

EndGame’s proof-of-concept, Anderson said, basically argues that detecting the presence of steganography in files -- much less determining what is encoded -- is “maybe too hard.” 

Anderson recommends taking a different approach.  “Let’s do something to all the images that would -- if they happen to contain anything bad -- destroy that content without destroying the visual content of the image,” he said.

Fortunately, embedded steganography has an Achilles’ heel.  “Stego can be very sensitive to really small changes,” Anderson explained. And compression algorithms, which throw out bits of data not needed for presenting an image or audio file, effectively negate the hidden message.  “Every time an image comes in, let’s recompress it using a variation on its original compression,” he said.  “If a message were hidden in there, it would get shoveled in the process.”

Likewise, files can be automatically compressed before they leave an organization’s network, to guard against steganography that has been inserted to send sensitive data to third parties.
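An added illustration of the recompression defense Anderson describes (not EndGame's code and not from the article): a message hidden in pixel least-significant bits, a common simple scheme assumed here, is read back intact from the untouched data but not after a lossy DCT quantization pass. The 1-D block transform is a simplified stand-in for JPEG recompression, and the sample scanline, message and function names are constructed for the example.

```python
import math

N = 8  # block length, as in JPEG's 8x8 blocks (1-D here to keep it short)
# Orthonormal DCT-II basis, BASIS[k][i]; an assumption standing in for a real codec.
BASIS = [[math.sqrt((1 if k == 0 else 2) / N)
          * math.cos(math.pi * (2 * i + 1) * k / (2 * N))
          for i in range(N)] for k in range(N)]

def embed_lsb(pixels, message):
    """Hide message bytes in the least significant bit of successive pixels."""
    bits = [(byte >> s) & 1 for byte in message for s in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("message too long for cover")
    return [(p & ~1) | b for p, b in zip(pixels, bits)] + pixels[len(bits):]

def extract_lsb(pixels, nbytes):
    """Read nbytes back out of the pixel LSBs."""
    out = bytearray()
    for j in range(nbytes):
        byte = 0
        for p in pixels[8 * j: 8 * j + 8]:
            byte = (byte << 1) | (p & 1)
        out.append(byte)
    return bytes(out)

def recompress(pixels, step=8):
    """Lossy pass: DCT each block, quantize coefficients to `step`, invert."""
    if len(pixels) % N:
        raise ValueError("pixel count must be a multiple of the block length")
    out = []
    for start in range(0, len(pixels), N):
        block = pixels[start:start + N]
        coeffs = [sum(BASIS[k][i] * block[i] for i in range(N)) for k in range(N)]
        quant = [round(c / step) * step for c in coeffs]  # information is lost here
        for i in range(N):
            value = sum(BASIS[k][i] * quant[k] for k in range(N))
            out.append(min(255, max(0, round(value))))
    return out

# Constructed sample: one scanline of flat 8-pixel patches (not real image data).
COVER = [60 + 12 * (i // N) for i in range(128)]
SECRET = b"constructed-msg!"  # 16 bytes = 128 bits, one per pixel

def demo():
    stego = embed_lsb(COVER, SECRET)
    cleaned = recompress(stego)
    drift = max(abs(a - b) for a, b in zip(stego, cleaned))
    return extract_lsb(stego, len(SECRET)), extract_lsb(cleaned, len(SECRET)), drift
```

`demo()` returns the bytes recovered before and after the lossy pass plus the largest per-pixel change; on this sample the cleaned blocks come back flat, so the hidden bytes are gone while pixels move by only a few intensity levels.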

Posted by Patrick Marshall on Aug 30, 2016 at 1:49 PM

Reader Comments

Wed, Aug 31, 2016 Paul Maryland

Interesting topic; however, "Stego" in images has been around for a long time. There has been a trend over the past few years to move the hidden content out of the digital structure into the visual content (as described by Anderson). The defense methods of re-compressing, etc., have no impact on visual content based stego. Visual content based stego is referred to as a Semagram. A simple Google search on 'Semagram' will return quite a bit. For example, see http://cec.nova.edu/research/winter_2011_poster_session/images/Paul%20S.%20Cerkez.JPG
