Monthly Archives: April 2013

Hide Secret Messages In Facebook Photos Using This New Chrome Extension

Secretbook is a Chrome Extension I built as a research project at Oxford University (supervised by Dr Andrew Ker - brief) which allows users to transmit completely secret messages on Facebook. These messages are hidden in photos so they cannot be scanned for keywords by Facebook or read by prying friends.

Download the extension here and then hit ctrl+alt+a on Facebook to activate the secret new functionality. Any user with the correct password and extension installed can then decode the secret message by pressing ctrl+alt+a while looking at the photo in question.

200% zoom of before and after embedding a secret message. Changes are slight enough that without access to the original it would be impossible to visually detect the message.

The extension utilises a technique known as JPEG Steganography to hide secret messages in photos by making many visually imperceptible changes to encode the secret data. This technique has been demonstrated many times in the past, although this is the first time that software allowing the JPEGs to be recompressed (such as when uploaded to Facebook) without damaging the secret contents has been publicly available.

Steganography tools have traditionally been complicated (and often command line based), so a core goal of this project was to make Steganography easy and accessible so more people can take advantage of the privacy it provides.

Tools to detect steganography have existed for a long time and this extension is also susceptible - the advantage in this case is that 300+ million new photos are uploaded to Facebook every day, so any detection process is likely to find a huge number of false positives. In the past, walled gardens have always recompressed JPEGs, rendering previous steganography tools unusable; surviving that recompression is the true innovation this extension brings.
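Why recompression breaks naive tools can be seen in a simplified model of JPEG requantization. The following is an added example, not Secretbook's code or algorithm: it assumes a single quantization step per image, ignores pixel-domain rounding, clamping and resizing, and uses constructed coefficients, bits and step sizes.

```javascript
// Added illustration: simplified per-coefficient model of JPEG requantization.
// Assumptions: no pixel-domain rounding or clamping, no resizing, one step size.

// Least significant bit (parity) of a possibly negative integer.
function lsb(k) {
  return ((k % 2) + 2) % 2;
}

// Naive LSB embedding: force the parity of a quantized coefficient to `bit`.
function embedLsb(k, bit) {
  return k - lsb(k) + bit;
}

// Recompression: dequantize with the old step, requantize with the new one.
function recompress(k, qIn, qOut) {
  return Math.round((k * qIn) / qOut);
}

// Count how many embedded bits are still readable after recompression.
function survivingBits(coeffs, bits, qIn, qOut) {
  let ok = 0;
  coeffs.forEach((k, i) => {
    const stego = embedLsb(k, bits[i]);
    if (lsb(recompress(stego, qIn, qOut)) === bits[i]) ok += 1;
  });
  return ok;
}

// Constructed sample data: quantized DCT coefficients and message bits.
const SAMPLE_COEFFS = [12, -7, 3, 20, -15, 8, 5, -2];
const SAMPLE_BITS = [1, 0, 1, 1, 0, 0, 1, 0];

// Carrier saved with step 2, platform recompresses with step 5: bits scramble.
const naive = survivingBits(SAMPLE_COEFFS, SAMPLE_BITS, 2, 5);
// Carrier already quantized with the platform's step: requantization is a no-op.
const matched = survivingBits(SAMPLE_COEFFS, SAMPLE_BITS, 5, 5);
console.log(`naive: ${naive}/8 bits survive, matched: ${matched}/8 bits survive`);
```

In this model the mismatched case recovers bits at roughly chance level, which is why recompression on upload has historically disrupted such tools, while the matched case shows it is not a complete countermeasure on its own.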

The goal of this project was to demonstrate a proof of concept of performing steganography on a social network with JPEG recompression, not to provide total security. Hence this application is only suitable for casual users and is totally useless for serious applications such as terrorism since detection would not be difficult for organisations such as the NSA.

Full details of implementation are given in the following draft document.

Updated related news articles: