What Is Steganography?
Steganography is the art to hide information in images, audio, or videos. It is used by black hat hackers or criminals to communicate with each other without being noticed by government agencies.
Black hat hackers use this technique to hide malicious payloads, ransomware, or viruses on the Internet. For example, an attacker used LSB method to hide ransomware or malware in the cracked software and released it on the Internet. When someone downloads that software and starts installing it. After installation, it automatically triggers the ransomware to run in the background. All the files will be encrypted, and the attacker has the password to decrypt the files. The attacker asks for ransom (money) to give the password.
There are plenty of tools available to hide secret or confidential messages in images, audio, or videos. Some of the tools are Steghide, Stegsolve, Exiftool, Binwalk, and so on.
Steganography is very similar to cryptography because both hide messages or files. It uses an encryption algorithm and a password to hide or extract files, whereas cryptography encrypts data as per the algorithm it is using and gives unreadable text.
No one can think that an image, audio, or video can contain another file inside because it looks normal in terms of pixel by pixel.
It is very useful to send encrypted messages to another person. No one can extract the data without a password. It’s also commonly used as a digital watermark to prevent the theft of images or audio files.
Various Aspects Of Steganography
There are 5 types of steganography methods are used:
- Text Method
- Image Method
- Audio Method
- Video Method
- Network or Protocol Method
Text method is the practice of hiding data inside text files. It comprises modifying the format of existing text, changing words within a document, producing random letter sequences, or constructing intelligible texts using context-free grammars. Among the approaches used to hide data in text are:
- Format Based Method
- Random and Statistical Generation
- Linguistic Method
Image method is the practice of hiding information by using the cover item as the image. Images are a popular cover source in digital steganography because the digital representation of a picture contains many bits. There are several methods for concealing information within a picture. Typical techniques include:
- Least Significant Bit Insertion
- Masking and Filtering
- Redundant Pattern Encoding
- Encrypt and Scatter
- Coding and Cosine Transformation
The secret message is encoded in an audio signal, which changes the binary sequence of the related audio file in audio method. Hiding hidden messages in digital sound is a far more complex technique than image method. This approach hides data in WAV, AU, and even MP3 audio files. Among the several ways of audio methods are:
- Least Significant Bit Encoding
- Parity Encoding
- Phase Coding
- Spread Spectrum
You may hide several types of data in digital video formats with Video Method. The benefit of this type is that a big quantity of data may be buried inside, and it is a moving stream of pictures and sounds. Consider this to be a hybrid of Image Method and Audio Method. Video Method is divided into two categories:
- Data embedding in uncompressed raw video and subsequent compression
- Data is embedded directly into the compressed data stream.
Network or Protocol Method
It is the process of embedding information inside network control protocols used in data transfer, such as TCP, UDP, and ICMP. Steganography can be used in various covert channels included in the OSI model.
For example, you can hide information in the header of a TCP/IP packet in some optional fields. These technique is widely available in today’s digitalized environment.
Different Types Of Techniques In Steganography
There are three types of popular techniques or algorithms. They are works differently and hackers them according to the situation they are working on.
- Secure Cover Selection
- Least Significant Bit
- Palette-Based Technique
Secure Cover Selection
Secure Cover Selection comprises locating the appropriate block image to transport malware. The hackers then match their preferred picture medium to the virus blocks. If an image block fits the malware, the hackers insert it into the carrier image, resulting in a duplicate picture infected with the malware. This picture is then swiftly processed by threat detection algorithms.
Least Significant Bit
In this Least Significant Bit, it refers to pixels. Grayscale picture pixels are divided into eight bits, with the eighth bit designated as the Least Significant Bit. Because the overall pixel value is dropped by one, hackers utilize this bit to encode harmful code because the human eye cannot notice the change in the image. As a result, no one is aware that something is wrong or that the image contains something hazardous.
The Palette-Based Approach, like the Least Significant Bit technique, is based on visuals. Hackers hide their messages in palette-based graphics like GIF files, making it harder for cybersecurity threat hunters and ethical hackers to spot the attack.
How Does Steganography work?
The concept of steganography is used to hide data without getting noticed by others. Least Significant Bit (LSB) is one of the most popular techniques used by attackers. In this type of technique, the hacker hides the data or file in the least significant bits of a file.
For example, the minimum size of the image is kilobytes, and the maximum will be in megabytes. The image comprises three colors that are red, green, and blue. This is known as three bytes of data. Some image formats add one more byte for transparency.
In this illustration, QR code represents the cover file such as image, and it shows that binary bits are modified. Using LSB technique.
LSB modifies the last bit of each byte to embed or hide one bit of the file. If the attacker wants to hide one megabyte of a file using this method, they need an image of eight megabytes in size. With this technique, it’s really difficult to compare the original picture to the modified one.
LSB changes the last bit of each of those bytes to hide one bit of data. So, to hide one megabyte of data using this method, you’ll need an eight-megabyte image file.
Since changing the last bit of the pixel value doesn’t change the picture enough to be seen, a person looking at the original picture and the modified picture won’t be able to tell the difference.
Online Steganography Decoder
There are various online tools available for steganography images for both encoding and decoding. They are not 100% reliable. Users can try for fun, but no one knows the algorithm is used in the background. Most of the websites are not working properly.
One steganography decoder website is hosted on GitHub and created by an anonymous person called stylesuxx. This tool is created and published in the year 2014.
Let’s see how to use this tool practically!
- Choose any image you want to use to hide the data.
- Go to the website and click on choose image under Encode tab.
- Write the hidden text.
- Click on the “Encode” button on the right side.
- After that, you will see the Binary representation of that hidden message. Ignore it.
- Go to the bottom of the website and download the image by right click and clicking on save under the “Message hidden in the image” heading.
Some Real-World Case Study
For more clarity, go through some of the real-world case study to know how this work in malicious activity.
- Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware
- Cybercriminals are using steganography to hide their code and seek industrial data
- Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
- Threats Making WAVs – Incident Response to a Cryptomining Attack
Steganography is a very important form in the world of cybersecurity. It is essential to know everyone because hackers have to know how to send encrypted messages without knowing anyone apart from that two people. This is used in CTF competition. It is not useful as such important in bug bounty, web application testing, android application testing, etc.