Paul Revere needed to send only one bit, but you may need to send more. If this technique is repeated long enough, any amount of data can be hidden. An image with 12 megapixels can store a message with 12Mb, or 1.5MB, without changing any pixel by more than one unit of red or green. Judicious use of compression can improve this dramatically. A large message like this article can be snuck into the corners of an average photo floating around the Internet.
Tweaking pixels is just one of the ways that messages can be inserted in different locations. There are dozens of methods to apply this approach -- for example, replacing words with synonyms or artfully inserting slight typographical mistakes into an article. Is that a misspelling or a secret message? All rely on inserting small, unnoticeable changes.
Steganography is not perfect or guaranteed to avoid detection. While the subtle changes to values like the red and green component may not be visible to the naked eye, clever algorithms can sometimes find the message. A number of statistical approaches can flag files with hidden messages by looking for patterns left behind by sloppy changes. The glare off of glass or chrome in a picture is usually stuffed with pixels filled with the maximum amount of red, green, and blue. If a significant number of these are just one unit less than the maximum, there's a good chance that a steganographic algorithm made changes.
These detection algorithms also have limits, and there are a number of sophisticated approaches for making the hidden messages harder to find. The scientists working on detection are playing a cat-and-mouse game with the scientists looking for better ways to hide the data.
For anyone seeking more on this, my book "Disappearing Cryptography" explores various solutions in depth, and my iPad App How to Hide Online provides interactive illustrations for trying the algorithms.
- IT's 9 biggest security threats
- 9 popular IT security practices that just don't work
- 10 crazy IT security tricks that actually work
- Malware Deep Dive Report
- Data Loss Prevention Deep Dive Report
- Insider Threat Deep Dive Report
- Malware IQ test: Round 2
- Malware IQ test: Round 1
This story, "Security through obscurity: How to cover your tracks online," was originally published at InfoWorld.com. Follow the latest developments in security at InfoWorld.com. For the latest developments in business technology news, follow InfoWorld.com on Twitter.