Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blocking Steganosonic Data In Phone Calls

Posted by kdawson on from the could-you-repeat-that-please dept.

psyced writes "Steganography is a technique to encode secret messages in the background noise of an audio recording or photograph. There have been attempts at steganalysis in the past, but scientists at FH St. Pölten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise (link is to a Google translation of the German original) on a level that stays inaudible or invisible, yet destroys any message encoded within. I wonder if this method could be applied to hiding messages in executables, too."

2 of 185 comments (clear)

  1. Re:Can I add random noise to a .exe file...? by yoris · · Score: 5, Interesting

    Yes you can. Some examples: - replace "add 1024" with "substract -1024" - replace "if greater then 100" with "if greater then or equal to 99" - replace "copy a to b, copy c to d" by "copy c to d, copy a to b" Just have a look at any assembly language and use your imagination. To make matters even simpler, there are operators which completely ignore certain parameters (e.g. a JUMP operator which only takes 1 parameter leaves room for hidden data in the 2nd and 3rd operator field). There are plenty of instructions or combinations of instructions which leave room to such minor changes without any difference in execution. So for the steganographers, the goal would be to look for all of such instances in an executable, then agree on some kind of code (for example "add n" is a 1, "substract -n" is a 0). Semantically there is no difference, both codes will result in the exact same execution, but you found some wiggle room to leave a message. It was reported on Slashdot a few years ago.

  2. The real question is.. by lakiw · · Score: 5, Interesting
    How often do people hide data in the background noise of their phones? Is this a big enough problem that we should care about solving it? I mean, first of all you need a program to do the stego, (short of having someone talk really softly in the background). Then you would need to play back the recording during your conversation. Wouldn't it be easier for the criminal to send an encrypted e-mail instead? Given a choice, I'll pick strong crypto over stegonography any day. The only good thing about stego is it's useful if whatever authority in charge blocks all unauthorized messages.

    It's along the lines of "How do you tell if there are stego images on someone's computer?"

    Answer:You find the stego converter tool on their harddrive.