Hidden messages buried in VoIP chatter

Polish researchers have revealed the many ways you can hide messages within the bit stream of VoIP phone calls. If secret policemen didn't like Skype and its IP telephony cousins before, they'll really hate it now. Burying hidden messages in internet phone calls represents the latest evolution of steganography. Steganographic …

COMMENTS

This topic is closed for new posts.
  1. Clive Galway
    Coat

    Cryptography in this article?

    "The possibility of dropping hidden messages within the lowest bits of noisy sound files is not new in itself. Wojciech Mazurczyk and Krzysztof Szczypiorski, security researchers at Warsaw University of Technology, Poland"

    Well I would have said that there was a hidden message encoded in the names of the researchers, but then I realised they were just Polish.

    Mine's the one with the Optician's chart in the pocket.

  2. Anonymous Coward
    Black Helicopters

    Hardly a candidate for a real world application...

    Hmm... OK, I can see why some people MUST might find this sort of thing BUY interesting, but let's face REGISTER it - it's hardly going to find a MERCHANDISE place in the real world now is it.

    Plus there is the problem I of using a transport mechanism that can WANT tolerate missing packets, PLAYMOBIL you need an application at the other end FOR that can do the same and with data that's CHRISTMAS going to mean a corrupted file when it gets there.

    Before you know it, the nanny state will be looking everywhere for hidden messages. They'll be using it for advertising CHOCOLATE next.

  3. Anonymous Coward
    Paris Hilton

    What's for dinner?

    I don't see the point in talking to someone on the 'phone only to have IM too? Surely people will just tell the other person what has been sent in the hidden field?

    Paris - because even she knows about steganography, public-key cryptography and hash.

  4. matt

    Megabit?

    Megabit seems like a bit of an odd unit. Maybe if you were talking about data per second but just saying 166.4 kilobytes would be better. Maybe the original author (I guess you copied their units?) was trying to make it sound like more...

  5. amanfromMars Silver badge

    The Future is Brighter without Past Ignorant Losers/System Abusers

    Security is all a bit of a losing battle nowadays, don't you think. How much nicer not to have to worry about it because one has nothing to hide...... which of course may be because of something you know you shouldn't have done, but never thought there would be any chance of being found out.

    Such a shame that there is always a revealing electronic, semantic trail which takes everyone right back to original rotten source.

  6. Edward Miles

    Interesting...

    Anything that makes the government's constant encroaches into my personal details is welcome, but I don't really think I'll be using something this low bandwidth. I'll stick to my current methods of encrypting everything and sending it through normal channels. Yeah, people will be able to tell I'm sending something, but on the other hand, it won't take 30 of these convos to transmit a 5 MB file...

  7. James Pickett
    Happy

    Necessary?

    I should have thought that straight Polish (e.g. Wojciech Mazurczyk and Krzysztof Szczypiorski) was enough encoding for the CIA, who only acquired Arabic speakers relatively recently. The sheer volume of data travelling around the globe must be a pretty effective mask already...

  8. Anonymous Coward
    Anonymous Coward

    Stenography?

    "Stenography once included messages hidden "

    Nope. It once included shorthand and typing, and still does in parts of the world where this rather old-fashioned word is still used.

    Try again!

  9. Rob
    Coat

    @ Clive Galway

    You're not the only one, mate! I took one look at "Wojciech Mazurczyk and Krzysztof Szczypiorski" and my first thought was "Oh, how clever, the author's put some stego in the article..."

  10. andy
    Black Helicopters

    @Edward

    "...but on the other hand, it won't take 30 of these convos to transmit a 5 MB file..."

    But 'Suitcase nuke in Union Station, Locker 148. Attack now!' takes up a tiny fraction of 5Mb...

  11. Maurice Shakeshaft

    I know this sounds daft and defeatist but....

    the arms race between "Hiders" and "Seekers" seems a bit academic and wasteful. There will always be people who want to hide data/information - whether or not they have anything to fear - it's only natural to not want others to be able to stick their noses into "your Business". That some of these people will be crims and perps is as inevitable as night follows day - but not all are and isn't there a presumption of innocence anymore?

    What are the other, better & more effective, ways of spending taxes detecting/finding/deterring/stopping//.... the "bad guys" or are we all assumed to be "bad" if we won't let the state easily get at our information. In this case to "assume" does make an "Ass" out of "u & me".

  12. trackSuit
    Happy

    Turned out Nice again

    George Formby, cleaning windows? For a nosey parker, it's an interesting job.

    But what has that to do with the price of fish in Tavistock?

    Well, let us assume that someone wishes to do a bit of nose against the window stuff.

    -First put out some bait. An advert, disguised as an article in a popular tech journal, for example.

    -Next, supply a program to the underworld to 'enable secrecy over VoIP'. Be generous and make it into a nice self-installer.

    -Drop the line over the side of the ship and wait for the mackerel to bite.

    And if a message is not understood, is that the sender's fault/design, or the receivers' dusty comprehension test skills/paranoid suspicion that encryption is involved, where none exists?

  13. Steve Mann
    Coat

    Steganography

    Did anyone else spot that the word Steganograph has hidden inside it the provocative message "shag pron gate"? I think we can all see the major use to which this technique will be applied on the internet.

    I also think that due to this provocative steganograph the appearance of the word "Steganograph" in an article should be accompanied by a "NSFW" flag.

    Especially in the USA.

    Disgusted of Tunbridge Wells.

  14. Tanuki
    Pirate

    When I snap my fingers.

    There is a theory which states that the 'static' you hear when a broadcast TV station or FM radio station shuts-down or when tuning between channels is not just random white-noise; it's actually covert programming radiated by a global network of KGB-funded mind-control satellites implanting subliminal messages [linked to specially-encoded trigger-sounds] deep in your cerebral cortex.

    Coat? No thanks. Hat? Sure - the foil-lined one with the Faraday-shield veil.

  15. John
    Black Helicopters

    Criminal Use

    I'm sure this and other sorts of low level encapsulation has been going on for a while now. Otherwise, how would the illuminati conduct their super secret covert world dominating operations?

  16. Anonymous Coward
    Dead Vulture

    Goons

    Anything that helps keep goons of any perversion out of my business is welcome in my book - since we're not allowed to kill the bastards.

  17. Anonymous Coward
    Anonymous Coward

    Cute - keep up the myth..

    The story re-enforces the myth that Skype is point-to-point secure.

    It would be really nice to keep up the idea that Skype is safe by publicly grumbling about it if it was in reality accessible.

    Just some public facts:

    - Skype is a US company.

    - Skype doesn't appear to get too much pressure internally from US services.

    Work from there. Have a nice day.

  18. Anonymous Coward
    Flame

    @Thad

    Unless I'm mistaken - the article reads Steganography - not Stenography - perhaps you should learn to read before you write!

  19. Anonymous Coward
    Alien

    Hmmm

    I'd make a comment - but for the fact I'd have the thought police battering down the door demanding I reveal the encryption code I obviously used to hide a message in my posting.......

    <begin encryption> TWATS! <end encryption>

  20. Andy Bright
    Alien

    Wojciech Mazurczyk and Krzysztof Szczypiorski

    You have got to be kidding me. They may be experts in cryptography, but they seem to have incredible linguistic skills too. Explain to me how you even start to pronounce the second guy's last name.. just the first bit, it doesn't even contain a vowel until you get nearly half way through the name.

    I take my hat off to their forefathers, and to anyone that can say their names at all.

  21. Anonymous Coward
    Joke

    Wojciech Mazurczyk and Krzysztof Szczypiorski

    Aren't they the Polish Comedy Duo?

    Szczypiorski: I say, Wojciech.

    Mazurczyk: What's that, Krzysztof?

    Szczypiorski: My dog has no nose

    Mazurczyk: Oh!...How does he smell?

    Szczypiorski: Terrible!

    (It's much funnier in Polish)

  22. Graham Marsden
    Coat

    Wojciech Mazurczyk and Krzysztof Szczypiorski...

    Can I buy a vowel, please?

  23. Rich

    Anything with redundancy

    You can hide information in *any* data with redundancy. Just make sure it's random (which an encrypted stream is) and at a sufficiently low level to be indistinguishable from "natural" noise.

    Images and audio are ideal candidates.

  24. amanfromMars Silver badge
    Alien

    Polished Thinkers ....... An Enduring Enigma

    And the conclusion at the end of the pdf.... http://arxiv.org/ftp/arxiv/papers/0805/0805.2938.pdf ..... "Based on the achieved results we can conclude that total covert bandwidth for typical VoIP call is high and it is worth noting that not all steganographic methods were chosen to the experiment. So, whether we treat VoIP covert channels as a potential threat to network security or as a mean to improve VoIP functionality we must accept the fact that the number of information that we can covertly transfer is significant." ..... suggests that it is unbreakable, although I would caveat that with a "when used for all the right reasons" for whenever it is not, the slightest chink of light peeking into its hidden secrets will expose the whole folly to meltdown.

    And the single biggest folly which guarantees failure of previously supposed secure communications is the necessity to use Spin to divert/pervert attention rather than Intelligence to Lead IT.

    However, as you will have to Imagine, seeing as how Intelligence has failed so catastrophically to yet deliver anything Novel, other than more Doom and Gloom/Pains for Gains, there is an Alternate Wave working with Underground Facilities to Beta Enrich MetaDataMined Fuel ...... NEUKlearer Information Shared Transparently for ZerodDay Trading across Global Markets and Temporal Divides for Powerful Control Advantage.

  25. Sir Runcible Spoon
    Happy

    re:Krzysztof Szczypiorski

    hmm, how about "kris-toff ski-por-skee"

  26. Steen Hive
    Boffin

    @Andy Bright

    "it doesn't even contain a vowel until you get nearly half way through the name."

    I'm guessing that "Krzysztof" would best be pronounced by the English-encumbered as something approaching "Shishtof".

  27. jai

    re: Polished Thinkers ....... An Enduring Enigma

    brilliant

    so now, every skype call i make will have a slight static hiss behind it, which, when decrypted, will translate into the most recent posting by amanfromMars

    :-)

  28. Anonymous Coward
    Linux

    Snake Oil

    "The advantage of steganography over simply scrambling messages using cryptographic techniques is that potential eavesdroppers don't know what to listen to."

    That's not a noticeable advantage. If someone suspects that you're hiding information in a steganographic channel then they'll just try all the popular techniques until they find the right one. If they don't then they'll look for a different technique.

    The covert communication itself needs to be encrypted and then what you're protecting is the fact that you're communicating over the covert channel. Properly encrypting the covert channel makes it very difficult to distinguish the actual channel from genuine noise.

    Now, all I need to do is ramble for long enough to get the noise content up so that there's enough data to hide the LKJHGLKJGL sorry about that, I needed a small random pad.

  29. Anonymous Coward
    Anonymous Coward

    This article gives me an idea

    Has anyone tried using a steganography system which works by inserting spelling errors into a text stream? Particularly when using foreign names?

  30. Bill Loney
    Happy

    AMAZING!

    WOW, and I thought all that static on my Skype line was just bad programing!

  31. Somme1

    @amanfromMars

    I've long suspected that the comments from amanfromMars contain secret hidden messages
