Emerging Tech

Rooting out hidden code in media files

Until recently, steganography -- the invisible insertion of messages into image files -- was more of an intellectual exercise employed in spy novels than a real threat to organizations that don’t handle sensitive information. 

In recent months, however, steganography has gotten more sophisticated.  The Gatak/Stegoloader malware, which emerged in 2015, for example, upped the ante by hiding not just messages but malicious code within an image file.

And a Polish researcher has just made public a way of extending the principles of steganography to music files. Krzysztof Szczypiorski, a professor at the Warsaw University of Technology, dubbed his algorithm “StegIbiza,” to connote steganography used with Ibiza dance music.  StegIbiza encodes data by varying the tempo of the music in ways inaudible to humans.

In August, EndGame, a security company based in Arlington, Va., announced that it had used simple image steganography to hide command-and-control messages in plain sight within images posted to the Instagram social media site.

“The kind of signal that we used in our proof of concept was the most bare-bones simple thing,” said Hyrum Anderson, EndGame’s principal data scientist. “The point was that even the easiest thing works, even on a big platform like Instagram. ‘Stego’ has an adversarial advantage -- it’s a lot easier to generate than it is to detect.”

EndGame’s proof-of-concept, Anderson said, basically argues that detecting the presence of steganography in files -- much less determining what is encoded -- is “maybe too hard.” 

Anderson recommends taking a different approach.  “Let’s do something to all the images that would -- if they happen to contain anything bad -- destroy that content without destroying the visual content of the image,” he said.

Fortunately, embedded steganography has an Achilles’ heel.  “Stego can be very sensitive to really small changes,” Anderson explained. And compression algorithms, which throw out bits of data not needed for presenting an image or audio file, effectively negate the hidden message.  “Every time an image comes in, let’s recompress it using a variation on its original compression,” he said.  “If a message were hidden in there, it would get shoveled in the process.”

Likewise, files can be automatically compressed before they leave an organization’s network, to guard against steganography being used to send sensitive data to third parties.
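The sensitivity Anderson describes can be seen in a small sketch, added here as an illustration and not taken from EndGame's proof of concept. It assumes a textbook least-significant-bit scheme, a constructed grayscale pixel array in place of a real image, and a coarse requantizer standing in for a real lossy codec such as JPEG.

```python
import random

def embed_lsb(pixels, payload):
    """Write payload bits into the least significant bit of successive pixels."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in cover")
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out

def extract_lsb(pixels, nbytes):
    """Read nbytes back out of the pixel LSBs."""
    out = bytearray()
    for k in range(nbytes):
        byte = 0
        for p in pixels[8 * k: 8 * k + 8]:
            byte = (byte << 1) | (p & 1)
        out.append(byte)
    return bytes(out)

def requantize(pixels, step=4):
    """Stand-in for lossy recompression (assumption): snap every value to the
    nearest multiple of `step`, clamped to the largest multiple <= 255."""
    top = 255 - 255 % step
    return [min(top, ((p + step // 2) // step) * step) for p in pixels]

def demo():
    rng = random.Random(2016)
    # Constructed cover "image": 64x64 grayscale values, not a real file.
    cover = [rng.randrange(256) for _ in range(64 * 64)]
    secret = b"constructed test payload"
    stego = embed_lsb(cover, secret)
    cleaned = requantize(stego)
    before = extract_lsb(stego, len(secret))
    after = extract_lsb(cleaned, len(secret))
    # Largest per-pixel change the sanitizing pass introduced.
    max_change = max(abs(a - b) for a, b in zip(stego, cleaned))
    return secret, before, after, max_change

if __name__ == "__main__":
    secret, before, after, max_change = demo()
    print("readable before sanitizing:", before == secret)
    print("readable after sanitizing: ", after == secret)
    print("max pixel change:", max_change)
```

A production pipeline would re-encode with the file's actual codec rather than this quantizer. The same pass applies to inbound and outbound files.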

Posted by Patrick Marshall on Aug 30, 2016 at 1:49 PM

