Friday, November 25, 2011

Security is sometimes Unsecure


We have been getting a lot of online PDF files, and we also consider that format to be very secure, as it is a picture format. But what I present below are some facts that will make you think again about the definition of security.

Steganography: the art of hiding malicious files inside picture formats. The recent terrorist attacks were successfully executed with this technology. As global cyber intelligence groups mature worldwide, moving information on a public platform without being detected is becoming more and more critical. So this art came to the rescue. To understand it, we need to understand that it is not a recent technology but a very old one. Its importance, however, has grown with the growing strictness of global cyber law on sharing information.

The motive is simple: you take a picture, or anything of an embedded nature whose internals are not visible, and inject a malicious object inside it; doing that is the tricky part. There are tools like S-Tools 4 with which you can put anything in any picture. The interface is clean, without much jargon, and one can easily understand how to handle the application. The coolest part is that the injection can be done simply by dragging and dropping the file into the picture. One thing to keep in mind is to choose an object that is smaller than the parent picture.

But this is not the same with PDF files; one cannot inject an object into them so easily. The format has such a condensed architecture that finding the right insertion point is very difficult. But that does not mean it is safe. There is a tool called FileInsight, which opens the architecture of any online PDF. If you want to infect any online PDF, you can just open it using this tool and paste anything you need. The good part is that whatever you do, you do online, so nothing is saved on the hard disk.

This tool takes a PDF URL and opens the entire logic in front of you: you can see everything, how the file works and what the logic behind the file format is. You can create a small probe, paste the code in the file and send the file. I will not call this entirely steganography, as that is more about images, but I will include it as part of the technology.

Now the question is how to detect this. Open your eyes when you see any picture. The easiest way to detect this is the change in the color scheme of the picture. The percentage of change in the pixels will determine the type of object it is carrying. The problem is greater with PDF, as no one can detect the presence of an object just by looking at it. Modern-day antivirus products also fail to detect such probes, so even the most advanced security technologies fail to prevent the threat.
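
For the PDF case above, an added example that is not part of the original post: a small Python triage that counts PDF name tokens tied to active or embedded content, decoding `#xx` escapes first, and reports bytes left after the final `%%EOF`. The function names and both sample documents are constructed for illustration.

```python
import re

# Name tokens that mark active or embedded content in a PDF object.
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME_TOKEN = re.compile(rb"/[^\s()<>\[\]{}/%]+")

# Constructed samples: a bare catalog, and the same catalog with an action added.
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
MODIFIED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\n"
            b"endobj\n3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n"
            b"%%EOF\nEXTRA")


def decode_name(token: bytes) -> str:
    """Undo #xx hex escapes, so /J#61vaScript is read as /JavaScript."""
    raw = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)
    return raw.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky names in the uncompressed part of a PDF and measure trailing data.

    Names inside compressed streams are not visible to this scan.
    """
    counts = {name: 0 for name in RISKY_NAMES}
    for match in _NAME_TOKEN.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    eof = data.rfind(b"%%EOF")
    trailing = len(data[eof + 5:].strip()) if eof != -1 else 0
    return {
        "is_pdf": data.startswith(b"%PDF-"),
        "names": counts,
        # More than one %%EOF means incremental updates: legitimate, but worth a look.
        "eof_markers": data.count(b"%%EOF"),
        "trailing_bytes": trailing,
    }


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("modified", MODIFIED)):
        print(label, triage_pdf(sample))
```

A non-zero count is a reason to inspect the file further, not proof that it is malicious.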
