A recent security incident involving embedded executables in GIF images reminded me of the art of steganography. This is the science of hiding secret messages, often in plain sight or in a way that only intended recipients even know a message exists.

Such techniques could be as simple as writing a message using disappearing ink, or as complex as deliberately inducing errors in quantum data to encode private data (I love quantum steganography; it’s so bad [pdf]).

Here, I will describe one of many ways to hide a simple text file inside of a JPEG image. All you need to have is access to the command line and a RAR or ZIP file archiving program such as WinZip or WinRAR.

  1. Make a simple text file in any text editor (for this example, we’ll call it “secret.txt”)
  2. Rar or zip the text file and save it as “secret.rar” or “secret.zip”
  3. Get a JPEG image (“coverimage.jpg”)
  4. Open a command prompt and type: “copy /b coverimage.jpg + secret.rar newimage.jpg”

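In essence, you are concatenating two binary files, with the image data at the beginning. The file “newimage.jpg” should now contain a hidden message, yet it will still appear to be a simple picture to those who don’t examine its contents. This works because image viewers stop reading at the JPEG end-of-image marker and ignore whatever follows it, while archive programs locate the archive by its own header and directory records rather than assuming it starts at the first byte of the file. To view the message, the recipient need only open the image as if it were a regular rar or zip file and extract the concatenated compressed archive.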
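Because the archive simply sits after the end of the image data, this kind of hiding is easy to check for. The following is an added example, not part of the original post: it walks the JPEG segments to the true end-of-image marker and reports any trailing bytes, flagging ZIP or RAR signatures. The function names are hypothetical, and the sample bytes are constructed (a JPEG skeleton, not a viewable picture).

```python
import io
import zipfile

# Magic bytes of the two archive types named in the post.
SIGNATURES = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}

def jpeg_end(data: bytes) -> int:
    """Walk JPEG segments and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xD9:                      # EOI: the image ends here
            return i + 2
        if marker == 0xFF:                      # fill byte before a marker
            i += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            i += 2                              # markers with no length field
        else:
            i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
            if marker == 0xDA:                  # SOS: skip entropy-coded data
                while i + 1 < len(data) and not (
                    data[i] == 0xFF and data[i + 1] != 0
                    and not 0xD0 <= data[i + 1] <= 0xD7):
                    i += 1
    raise ValueError("no EOI marker found")

def find_appended_archive(data: bytes):
    """Return (offset, kind, trailing_bytes) for data after EOI, else None."""
    end = jpeg_end(data)
    trailer = data[end:]
    if not trailer:
        return None
    for magic, kind in SIGNATURES.items():
        pos = trailer.find(magic)
        if pos != -1:
            return end + pos, kind, len(trailer)
    return end, "unknown", len(trailer)

def build_sample():
    """Constructed input: a JPEG skeleton (not a viewable image) and a ZIP."""
    cover = (b"\xff\xd8" b"\xff\xe0\x00\x04AB"
             b"\xff\xda\x00\x02" b"\x12\xff\x00\x34" b"\xff\xd9")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("secret.txt", "hello")
    return cover, cover + buf.getvalue()        # what `copy /b` would emit
```

Walking the segments matters because the bytes FF D9 can also occur inside metadata such as an embedded thumbnail, so a plain search for the first FF D9 can misreport where the image ends.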

To illustrate, here is a very small picture of a very large grizzly bear. If opened as a rar file, the message in the embedded archive “secret.txt” can be read.

In a way, steganography is a close cousin to cryptography; they both deal with protecting and hiding information. Whereas cryptography involves scrambling information and obscuring its meaning, steganography deals primarily with hiding the fact that a message is even present.

Each Tuesday, Security Musings features a topic to help educate our readers about security. For more information about Gemini Security Solutions’ security education capabilities, contact us!