We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
2,851 Tutorials

Steganography: how to hide confidential data in plain sight using SteganPEG

How to securely exchange information without encryption

Here we’re going to show you how to use software-based steganography that involves hiding files containing your secret information – which could, perhaps, be Word documents or a line drawings in Tiff format – in another file called the carrier. That carrier will typically be a JPEG file which, if it was intercepted, would appear to be nothing more than an ordinary photograph so no suspicion would be aroused.

Yet, to someone who was expecting your communication, the same software could be used to extract the hidden information. We’re going to use software called SteganPEG which is free.

See also: How to fix your photos for free

There's probably one time or another that most of us need to exchange information in the absolute knowledge that, if our communication falls into the wrong hands, it’ll be unintelligible. Usually, you'd do that using encryption software that well and truly scrambles the message so it’ll appear as gibberish to anyone but the intended recipient. In fact, even without your knowledge, details of financial transaction are often encrypted automatically before being transmitted over the Internet.

Even if you don’t have a genuine need for secure communication, though, let’s face it, there’s something fascinating about the world of secret codes and ciphers. You might have dabbled with codes as a kid and probably still find the story of the wartime code-breakers at Bletchley Park an enthralling one (if you haven't visited Bletchley Park, you should).

While encryption might prevent unauthorised access to our secret messages, if you were to send a Word file contains the text “WTNHE UUCPR HJAQW LUVHH ZIRKM”, anyone intercepting it would be in no doubt that it contained an encrypted message. Drawing attention to a message in this way is probably best avoided and, in some circumstances, sending messages that are clearly encrypted could be sufficient to land you in hot water. That's why steganography can be a better way.

In 499 BC the Persian tyrant Histiaeus wanted to send a message to Aristagoras without detection. The method he chose was ingenious. Histiaeus shaved his slave’s head, tattooed the message on his bald scalp, waited for the hair to grow back, and then sent the slave to Aristagoras on some pretence. Knowing what to expect, Aristagoras shaved the slave’s head to reveal the message. This was one of the first examples of steganography, a word that comes from the Greek for covered writing. A more modern, but not particularly high tech, parallel would be to write a message in invisible ink between the lines of a letter printed on an inkjet printer. Again, unless someone already had reason to be suspicious, this would appear to be nothing out of the ordinary.

How to use SteganPEG to hide files in a JPEG photo

1. Start up SteganPEG and select ‘Embed files into a JPEG image’. Most Steganography packages allow you to pick a password to prevent unauthorised access to the hidden data, but SteganPEG uses that password to encrypt the data before hiding it in the carrier file. So enter a password which, for maximum security, should be long and contain a mix of upper and lower case letters and figures.

SteganPEG 1

2. Now you need to choose the JPEG image into which the data will be hidden. Ideally it shouldn’t contain large areas of a uniform colour because it’s just possible that the hidden data might reveal itself in such areas. A photo of woodland would be a good choice. Click on ‘Browse…’ and select the image before clicking on ‘Go!’.

SteganPEG 2

3. Your chosen photo will be displayed, giving you a final opportunity to make sure the image is suitable. Now select or prepare the files you want to hide. They must be very much smaller than the JPEG image so text files would be suitable as would mostly textual Word files, or perhaps small monochrome line drawings. You may have to edit your files to reduce their size.

SteganPEG 3

4. Click on ‘Add files…’ and choose the files you want to hide in the JPEG image. As you add them, these are listed at the left of the window and the gauge labelled ‘Image space occupied’ shows how much hiding space remains. If you try to add a file that’s too large you’ll be warned and it’ll be automatically removed. Continue until either you’re satisfied or you’ve run out of space.

SteganPEG 4

5. Click on ‘Save Stegged Image…’ and, in the ‘Save As’ dialogue box, provide a name for the new JPEG image that will contain the hidden information. If you want to convince yourself that Steganography is secure, try opening the original JPEG image and the one containing hidden data in a photo editor and inspect them closely, zooming in as necessary. You might notice small changes but nothing suspicious.

SteganPEG 5

6. You can then send the image to someone, and give them the password separately. To read the hidden files contained in the JPEG image, they need to launch SteganPEG, choose ‘Read files from a JPEG image’ on the first page, enter the password, browse to the image with hidden data, and click on Go!.

The image will be displayed and any hidden files are listed. It's then a simple case of selecting one or more to extract, clicking on ‘Save selected’, choosing a folder and clicking Ok.

SteganPEG 6

Next page: DIY Steganography using a word processor

IDG UK Sites

Samsung Galaxy Note 4 release date, price and specs UK: Is this the actual Note 4 - video

IDG UK Sites

How Apple, Adobe, Microsoft and others have let us down over UltraHD and hiDPI screens

IDG UK Sites

How Ford designs next-generation cars at its Melbourne Design Centre

IDG UK Sites

iPhone 6 release date, rumours, video, UK price & images: iPhone launch event confirmed for 9...