By NewsGram Staff Writer
Who would have thought that an innocent looking image file might prove to be a disastrous intruder in your personal computer?
In the new age digital world, inventions and discoveries have to be scrutinized in and out to find out their hidden attributes. One can’t be sure if a discovery is ever entirely beneficial or not.
As reported by motherboard.vice.com, Saumil Shah, a security researcher from India has devised a technique called “Stegosploit” through which a hacker could hide malicious code inside the picture’s pixels. The technique that he has put to use is known as ‘steganography’. It consists of stashing secret text or images in a different text or images.
Shah calls it the “magic sauce” behind Stegosploit. In this case, the malicious code or exploit is encoded inside the picture’s pixels, and it’s then decoded using an HTML 5 element called Canvas, which allows for dynamic rendering of images.
“I don’t need to host a blog, I don’t need to host a website at all. I don’t even need to register a domain,” Shah told Motherboard, during the demo last week. “I can take an image, upload it somewhere and if I just point you toward that image, and you load this image in a browser, it will detonate.”
Admitting that the technique might not work everywhere, Shah adds that he, himself hasn’t fully tested his technique on known image sharing sites such as Imgur or Dropbox,. The malicious file has to be uploaded without an extension for the browser to be tricked into rendering it, and some sites, such as Dropbox, don’t allow that. Moreover sites like Facebook reprocess the images when they are uploaded, causing the loss of the malicious code, according to Shah.
Still, Shah believes it’s just a matter of time and that “these techniques are coming, sooner or later.”