Stegosploit – Exploit inside the pixels of an image

1. What is Stegosploit?

Stegosploit (Steganography* + Exploit) is a bug found by Saumil Shah, a security researcher at Net-Square in India. Once a user loads the infected image file, the script hidden inside the image can cause serious damage, depending on the type of exploit and the user's environment.

 

2. Features of Stegosploit

  • It appears as nothing more than a single image file when viewed in network traffic.
  • Since the script (malicious code) is hidden in the pixels, it is impossible to tell the difference from the image's appearance.
  • Merely viewing the image runs the script hidden in the pixels automatically.
  • Everything is delivered in one single image file.

 

Stegosploit runs a polyglot, an image file that combines the steganographically encoded exploit payload with a decoder, in a web browser that supports HTML5 Canvas.

Steganography*: Steganography is the practice of concealing a message within another file, such as an image or video, so that it is undetectable to the human eye when sent to another party. Unlike conventional encryption, which protects information by encrypting the message, steganography is a security technique that hides the very existence of the information by concealing it in the medium.

 

< A Browser Supporting HTML5 Graphics >


3. HTML5 Canvas?

The HTML5 Canvas is used for graphics processing in HTML5, and it works on the Web without any plug-in such as Flash or Silverlight.

The canvas itself does not draw the graphics. It defines the area of the web content in which graphics are rendered; the drawing is done through the Canvas API using JavaScript.

 

4. The Implementation Methods

The implementation process for Stegosploit is shown below.

 

(1) Add an exploit payload to bit layer 0 (LSB) of the PNG file

Bit layer 0 (the LSB) of the PNG file is mostly used because the image displayed in the browser shows no visible distortion after the exploit payload is added, so the user cannot see the difference with the naked eye.

< Figure: Stegosploit_add_exploit >

 

(2) Add a decoder to the previously made PNG + exploit

< Figure: Stegosploit_add_decoder >

 

(3) Upload the complete PNG file to HTML5 Canvas
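
Why bit layer 0 in step (1) leaves no visible distortion can be shown on raw pixel data in the RGBA layout that the Canvas API's getImageData() returns. The following is an added example, not code from the original article or from Saumil Shah's tool: it uses a generic LSB scheme, hypothetical function names and a constructed, harmless text marker, and also shows how an analyst can read bit layer 0 back out and check whether it looks like text.

```javascript
// Added example: generic LSB (bit layer 0) handling on RGBA data laid out like ImageData.data.
// Constructed sample "image": pseudo-random colour values, opaque alpha.
function samplePixels(count) {
  let seed = 1;
  return Uint8ClampedArray.from({ length: count * 4 }, (_, i) => {
    seed = (seed * 75 + 74) % 65537;
    return i % 4 === 3 ? 255 : seed & 0xff;
  });
}

// Write each bit of `bytes` into bit 0 of the R, G, B channels (alpha skipped).
function embedLsb(pixels, bytes) {
  const out = Uint8ClampedArray.from(pixels);
  let ch = 0;
  for (const byte of bytes) {
    for (let bit = 7; bit >= 0; bit--) {
      if (ch % 4 === 3) ch++; // skip alpha
      if (ch >= out.length) throw new RangeError("image too small");
      out[ch] = (out[ch] & 0xfe) | ((byte >> bit) & 1);
      ch++;
    }
  }
  return out;
}

// Read bit layer 0 back out, MSB first, as an analyst inspecting an image would.
function extractLsb(pixels, byteCount) {
  const bytes = new Uint8Array(byteCount);
  let ch = 0;
  for (let i = 0; i < byteCount * 8; i++) {
    if (ch % 4 === 3) ch++; // skip alpha
    bytes[i >> 3] = (bytes[i >> 3] << 1) | (pixels[ch++] & 1);
  }
  return bytes;
}

// Largest per-channel difference between two buffers of equal length.
function maxDelta(a, b) {
  return a.reduce((m, v, i) => Math.max(m, Math.abs(v - b[i])), 0);
}

// Share of printable ASCII bytes: text or script hidden in the LSBs scores 1.0.
function printableRatio(bytes) {
  return bytes.reduce((n, b) => n + (b >= 0x20 && b < 0x7f ? 1 : 0), 0) / bytes.length;
}

// Demo on constructed data: per-channel change and printable share of layer 0.
const clean = samplePixels(64);
const stego = embedLsb(clean, new TextEncoder().encode("CONSTRUCTED-SAMPLE-TEXT"));
console.log(maxDelta(clean, stego), printableRatio(extractLsb(stego, 23)));
```

A per-channel change of at most 1 out of 255 is what makes the altered image indistinguishable by eye, while the extracted layer decoding to fully printable text is a signal worth investigating.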


Conclusion

With earlier steganography techniques, the script inserted into an image file runs only after the image file has been loaded. With Stegosploit, in contrast, once the image file is loaded into a browser, the script hidden in it triggers the exploit while the web page is loading. It can therefore damage your computer without your knowing.

 

* An image generated with Stegosploit does not infect unconditionally. Infection is confined to browsers and sites with security vulnerabilities.

 

Reference

Steganography Presentation / SyScan’15 Singapore : https://www.youtube.com/watch?v=np0mPy-EHII

Steganography Demonstration#1 : https://www.youtube.com/watch?&v=O9vSSQIZPlI

Steganography Demonstration#2 : https://www.youtube.com/watch?v=fAyuOhB4uvo

 

 

- Chi-Won Jung, Staff, Service Management Team for Managed Security Service -