SRI Security Research Institute, Edith Cowan University, Perth, Western Australia
Almost since the birth of the Internet, there has been a fear that steganographically-encoded threats would be used to bring harm. Serious consideration has been given to the idea that merely downloading an image could introduce malware. Yet, for decades, evidence of this malware channel has been missing in action. There is still an unwritten assumption that images are harmless. Many vendors have implicitly avoided producing defences against steganographic threats. Is it truly impossible to make a widely harmful exploit this way or have malicious actors accepted general wisdom? Three recent papers suggest that there may be a new chapter ahead of usin this field. Practicable methods employing steganography for real world attacks are being uncovered. Early evidence supports the assertion we are seeing new developments in this field, thus far. So, are we seeing a new frontier in exploit development oris there another false dawn for steganographic threats?