Pictures Worth 1000 Passwords
From the University of Illinois at Urbana-Champaign comes something you would more expect to hear from a Black Hat security conference. The researchers propose a botnet system, they call Stegobot, which could steal your information and, in a possibly drawn out process, return it to the botmaster with no security system the wiser. Unlike typical botnets that will directly report to the master, an infected computer will encode you private information into your pictures, waiting for an upload to Facebook. Once there, if an infected friend sees any of the photos, the data will be downloaded and put into their photos, ready for upload. It may take several steps, but thanks to how connected Facebook allows one to be, eventually the stolen information will be uploaded in a photo of a friend of the botmaster, allowing them access to your information. This is neither efficient nor convenient for a hacker, but encoding the information into the photos, a process called steganography, and using this transmission system would be very difficult to detect.