Steganography, where “steganos” is Greek and stands for “hidden” or “covered,” and “graph” stands for “to write”, refers to the art and science of communicating in a way that hides the existence of communication. It differs from cryptography as in cryptography, there is visible information that cannot be understood without a key, whereas in steganography, the information is not visible as it is hidden in a cover medium and passed on without revealing the presence of any secret information.
Due to the high amount of images being used and sent on the internet on a daily basis, image steganography has increased significantly as a way to cyber attack. While different techniques are being used, they all modify images and insert a code in them without changing the apparent visuals of the image. When the hacked picture, which is referred to as stego-image, is loaded by a browser, the hidden malware is automatically decoded, and the malicious code is executed. In this way, hackers can send and diffuse images on the internet, transmitting malware onto users’ devices. They use it to upload or extract information from a computer. This kind of hacking attack is especially dangerous because nowadays, opening an image is not considered risky by people.
Stegosploit
In 2015, at a hacking conference in Amsterdam, the cyber security researcher Saumil Shah presented a nowadays widespread and malicious type of steganographic malware called Stegosploit. This type of malware uses javascript and HTML and conceals it in images that are then downloaded in a browser where the code is automatically decoded and triggered. Below, the original image (right) is seen next to the one where Stegosploit was used (left), as well as the code that was hidden in the image.
Original vs Stego-image
Code encrypted in the image above
This article will focus on how hackers include information in images without it being noticeable. There are several types of methods, including spatial domain techniques, transform domain techniques and distortion techniques.
How are digital images represented on computers?
Digital images are made up of grids of pixels and each pixel is made up of binary numbers, which are called bits. The number of pixels, bits per pixel and how tightly packed the pixels are can vary and will define the image’s resolution and colour depth.
Spatial Domain Method
Several different techniques are used in image steganography, and the spatial domain method is one of the simplest and most common ones. It is characterised by a direct change in the ‘least significant bits’ in the pixel, which are the bits furthest to the right that have the most negligible effect on the colour that the pixel represents. This allows a modification of the bits imperceptible to the human eye. However, this method is not very robust since compression, cropping and image processing can destroy the hidden information.
Transform Domain Technique
Transform domain techniques are very similar to spatial domain techniques, however, they hide information in those parts of the image that are not affected by cropping, compression and image processing. This is done by changing the frequency components of an image, where frequency in an image refers to the rate of change of the intensity values of pixels over space. Different techniques can be used for this, but commonly used ones include the Discrete Wavelet Transform, the Discrete Cosine Transform and the Discrete Fourier Transform.
These transforms are used to find the lower frequency coefficients, which are the ones affected the least when an image is compressed or processed in other ways. The information is then stored in the least significant bits of these lower frequency coefficients, which makes the information stored more robust and resistant to changes in the image.
Distortion Techniques
One last type of method that is commonly used for steganography is distortion techniques. These, however, require the knowledge of the original image since the secret information is based on the changes made. Therefore, instead of finding the information stored in the least significant bits of the image, the decoder measures the differences between the original and the distorted image elements to detect the sequence of modifications and recover the secret information. For instance, this is done by allocating a 1 for each pixel different from the original image and a 0 for when they are identical, thereby transmitting a message. However, the dependence on the original image limits the benefits of this technique.
Author: Elvira Wild Martin
B.Cyber 
Leave a Reply