Crash course: Digital steganography

You have secrets to keep? Use steganography to hide data in image or audio files.

1 2 3 Page 3
Page 3 of 3

A more versatile solution is OpenPuff 3.2 -– a freeware steganography tool that is being kept up-to-date on a regular basis (don’t let the 1998-style Fortunecity website and the retro look fool you, this tool is top notch). It supports MP3, 3gpp, Aiff, Wave and other various formats. Keep in mind: In order to be distortion-free, each MP3 file has a limited number of bytes that you can use to store data.


In the example above, we needed to select multiple MP3 files (each with about 450 Bytes to 1.8 Kbytes of available hidden storage) in order to squeeze our 5.4 Kbyte Excel file in. While that makes the amount of data a bit bulky, it also heightens the steganography effect: An outsider would need all of the MP3 files in order to even be able to detect that there’s (encrypted!) material inside.

The moment you hit “Hide Data!”, you’re good to go.

Steganography of VoIP audio streams

One of the more recent uses of steganography is to create a “covert channel” inside a regular VoIP audio stream. This real-time approach to steganography makes anyone who is tapping into a VoIP conversation record a totally different audio file. There are some proof-of-concept scenarios out there that explain and demonstrate VoVoIP (Voice-over-Voice-over-IP) and how it’s using the G.711 codec to hide real-time data in streams. Yet again, there are some challenges to face such as compensating for data packet loss or audio decoding. One tool to keep an eye on in that area is SteganRTP, once presented at the Defcon Hacker conference (PDF) and available on SourceForge, which provides a full-duplex covert channel.

Companies need to keep an eye out

Steganography is still not widely used, and in the rare instances when it is used it is hard to identify. That’s what makes it so appealing (that, and feeling like a character on 24 or X-Files for a couple of minutes). If you need to transmit data from one person to another or simply hide the very existence of that data on your hard disk, steganography in combination with encryption is a good attempt. On the other hand, enterprises need to be aware of this type of attack, as it poses a serious data leakage problem. The problem is that many companies don’t deploy countermeasures to steganography because they’re not aware of the problem.

Bottom line: it’s a technology to keep an eye on – both from the perspective of the enterprise needing to protect sensitive information, as well as the individual who wants to transmit data via one of the safest ways possible.

1 2 3 Page 3
Page 3 of 3
ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon