Columbia University researchers found a new way to hide information in plain text
Ddos 
Columbia Engineering Computer scientists invented a new method, FontCode, that can embed hidden information in the text without interfering with text. The FontCode creation uses font perturbation to encode information, which can then be decoded to recover the information. Unlike other methods of hiding text and documents embedded with information, this method is suitable for most fonts and document types, even when printing documents or converting to other file types. The study will be presented at SIGGRAPH in Vancouver on August 12-16.
Changxi Zheng, associate professor of computer science and the paper’s senior author said:
“While there are obvious applications for espionage, we think FontCode has even more practical uses for companies wanting to prevent document tampering or protect copyrights, and for retailers and artists wanting to embed QR codes and other metadata without altering the look or layout of a document”
Zheng led his students to create this method of text steganography, which can embed texts, metadata, URLs, or digital signatures into text documents or images, whether digital or paper-based. It works with popular font families such as Times Roman, Helvetica, and Calibri, and is compatible with most word processors (including Word and FrameMaker) and image editing and drawing programs (such as Photoshop and Illustrator). Since each letter may be disturbed, the amount of information secretly conveyed is limited only by the length of the regular text. Information uses subtle font perturbation coding—changing the stroke width, adjusting the height of the ascent and descent, or adjusting the curves of the letters o, p, and b, for example.
Hidden data using FontCode can be very difficult to detect. Even if an attacker detects a font change between two texts, it is impractical to scan every file in the company.
Data hidden using FontCode can be extremely difficult to detect. Even if an attacker detects font changes between two texts—highly unlikely given the subtlety of the perturbations—it simply isn’t practical to scan every file going and coming within a company. “Encryption is just a backup level of protection in case an attacker can detect the use of font changes to convey secret information,” says Zheng. “It’s very difficult to see the changes, so they are really hard to detect—this makes FontCode a very powerful technique to get data past existing defenses.”
The research author has submitted a patent to Columbia Technology Ventures and plans to extend FontCode to other languages and character sets, including Chinese.
“We are excited about the broad array of applications for FontCode,” said Zheng. “from document management software, to invisible QR codes, to protection of legal documents. FontCode could be a game changer..”
Suggest Reading:
FontCode: Embedding Information in Text Documents using Glyph Perturbation
Source: TechXplore
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
