Steganography is the subtle art of hiding information in plain sight. It is a fascinating way of transmitting messages and other digital data out in the open without the risk of getting caught. Data can also be encrypted to add an extra layer of security. Almost any type of digital media can be used to hide a digital message. This all sounds very covert and spy-like, but what does it have to do with cyber security? Let’s dig a little deeper into what steganography is at a fundamental level, and then we’ll connect it back to security.
The fundamentals of steganography are pretty simple. You take a message that you want to send to another person. Rather than sending the message in plain text, you hide the message in an image or any other type of digital file. How does this work? If you’ve ever done any web development or worked with colors, you may recall that every shade of color is created by manipulating the values for red, green, and blue. If you change the value of just one of those colors slightly, you essentially still have the same color to the naked eye, but the digital value behind it is now different. By manipulating the values in an image, you can embed something else. In the case of steganography, you would put your secret message there. The information is basically useless unless you have the key to translate the message back to the original language. Anyone else who intercepts the message has no idea what they are looking at. Even if they try to reverse engineer the message, without the key it’s very difficult to figure out what the hidden message is.
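To make the color-value idea concrete, here is an added Python example (not from the original article) that stores a message in the lowest bit of each red, green, and blue value and reads it back. The function names, the 16-bit length header, and the small constructed cover image are assumptions for illustration, and the key or encryption step mentioned above is left out.

```python
def embed(pixels, message: bytes):
    """Write message bits into the least significant bit of each channel."""
    payload = len(message).to_bytes(2, "big") + message  # assumed 16-bit length header
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    flat = [c for px in pixels for c in px]
    if len(bits) > len(flat):
        raise ValueError("cover image too small for this message")
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & 0xFE) | bit  # only the lowest bit can change
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]


def extract(pixels) -> bytes:
    """Rebuild the message from the channel LSBs."""
    lsb = [c & 1 for px in pixels for c in px]

    def read(offset, nbytes):
        out = bytearray()
        for b in range(nbytes):
            byte = 0
            for bit in lsb[offset + 8 * b: offset + 8 * b + 8]:
                byte = (byte << 1) | bit
            out.append(byte)
        return bytes(out)

    length = int.from_bytes(read(0, 2), "big")
    if 16 + 8 * length > len(lsb):
        raise ValueError("length header exceeds image capacity (no payload?)")
    return read(16, length)


def max_channel_change(a, b):
    """Largest difference in any single colour value between two images."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))


# Constructed sample data: an 8x8 gradient standing in for a real image.
COVER = [(200 - x, 120 + y, 40 + x + y) for y in range(8) for x in range(8)]
SECRET = b"meet at 9"
STEGO = embed(COVER, SECRET)

if __name__ == "__main__":
    print("recovered:", extract(STEGO))
    print("largest change to any colour value:", max_channel_change(COVER, STEGO))
```

No color value moves by more than 1 out of 255, which is why the altered image looks the same to the eye even though its bytes, and therefore its file hash, differ from the original.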
How does this simple and effective way of hiding messages relate to security? Messages are perhaps the simplest use case for steganography, but malicious hackers can hide malicious code in their messages. There are various programs that facilitate the creation of steganography-based messages. The use of these programs makes it super simple to send someone an image that contains a malicious piece of code, which can then compromise a computer when the end user opens the picture. Since the image looks like any other image, and it has characteristics like any other image, most software designed to protect you from malicious attacks is ineffective. As you can see, this poses a rather difficult situation for white hat hackers because it is much more challenging to defend against an attack that you cannot see. With that said, there are, however, some ways to protect yourself.
When receiving any file from anyone, make sure it is from a trusted source. If you did not request something, even if it appears to be harmless, question the validity of the item. It could contain a dangerous payload that could cause serious damage to you and your data. If you are interested in learning more about steganography, I recommend you do some research. There is a lot of technical information out there that goes deeper into the algorithms used to create, distribute, and access the hidden data. Steganography has been around for centuries and its style has only evolved. The concept is still the same, but the means of delivering the message have obviously changed with time. Steganography is an interesting way to stay covert and share information with anyone.