{"id":12351,"date":"2018-05-20T10:45:04","date_gmt":"2018-05-20T18:45:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/05\/20\/news-6120\/"},"modified":"2018-05-20T10:45:04","modified_gmt":"2018-05-20T18:45:04","slug":"news-6120","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/05\/20\/news-6120\/","title":{"rendered":"You Can Send Invisible Messages With Subtle Font Tweaks"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5afe1cc38154d3076bfdd582\/master\/pass\/Hidden-Messages.png\"\/><\/p>\n<p><strong>Credit to Author: Lily Hay Newman| Date: Sun, 20 May 2018 11:00:00 +0000<\/strong><\/p>\n<p><span class=\"lede\">If you\u2019re grasping <\/span>for the deeper meaning of an essay or article, consider the possibility that it may not be in the words themselves, but hidden in the shape of the letters. It really could be the case, now that researchers from Columbia University have developed a method called FontCode, which plants data in text through tiny changes in how the letters are shaped.<\/p>\n<p>The method is a <a href=\"https:\/\/www.wired.com\/story\/steganography-hacker-lexicon\/\">steganographic technique<\/a>, meaning it hides secret information in plain sight such that only its intended recipient knows where to look for it and how to extract it. FontCode can be applied to hundreds of common fonts, like Helvetica or Times New Roman, and works in word processors like Microsoft Word. Data encoded with FontCode can also endure across any image-preserving digital format, like PDF or PNG. The secret data won&#x27;t persist after, say, copy and pasting FontCode text between text editors.<\/p>\n<p class=\"paywall\">The most significant format conversion FontCode messages can transcend, though, is digital to physical and back.<\/p>\n<p class=\"paywall\">\u201cMany modern steganographic techniques are always in digital files, but you can argue that the world is much larger than just digital formats,\u201d says Changxi Zheng, a computer scientist at Columbia University who worked on the FontCode research. \u201cSo the question was how can we design a common physical object to convey digital information without compromising its existing functionality. I call it a hyperlink between a physical object and digital information.\u201d<\/p>\n<p class=\"paywall\">The text perturbations FontCode uses to embed a message involve slightly changing curvatures, widths, and heights\u2014but crucially it&#x27;s all imperceptible to the naked eye. You can intuit that some letters, like capital &quot;I&quot;s or &quot;J&quot;s, don&#x27;t have a lot of complexity in which to hide subtle variations. But lowercase &quot;a&quot;s and &quot;g&quot;s, for example, have lots of edges and curves that can be elongated or shortened and bulked up or paired down.<\/p>\n<p class=\"paywall\">The only easy way to extract the hidden information in all those tiny tweaks is with the research teams&#x27; decoding algorithm. A recipient of a FontCode message could use their smartphone to take a picture of text manipulated with FontCode, then run the photo through a dedicated mobile app that decrypts the code to pull out the hidden message. It would also be possible to set up decoding schemes that use a webcam, a scanner, or any other image digitization method. You can see how it works in the video below.<\/p>\n<p><iframe loading=\"lazy\"  src=\"https:\/\/www.youtube.com\/embed\/dejrBf9jW24\" width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/p>\n<p class=\"paywall\">Though FontCode is just begging to be used in spy movies or <a href=\"https:\/\/www.wired.com\/2017\/02\/white-house-encryption-confide-app\/\">by White House staffers<\/a>, the researchers also imagine that it could be used in place of everyone\u2019s least-favorite hyperlink method, <a href=\"https:\/\/www.wired.com\/story\/the-curious-comeback-of-the-dreaded-qr-code\/\">QR codes<\/a>, or as a watermarking feature. FontCode messages could convey information about trademarks, patents, or other intellectual property protections in a document, or could even act as an anti-tampering feature to ensure that a document hasn\u2019t been manipulated.<\/p>\n<p class=\"paywall\">One difficulty for the FontCode team was maximizing the amount of information they could hide in text while still making the method flexible enough that complete information can still be extracted if physical limitations erode fidelity\u2014for example, if a shadow distorts some letters, or someone drips coffee on a printout that contains a FontCode message.<\/p>\n<p class=\"paywall\">\u201cThe main challenge we were facing was how to encode as much information as possible\u2014because if it only works with a tiny bit of information it\u2019s useless\u2014while making it robust enough so if you have bad lighting or ink stains on the text it will still work,\u201d Zheng says.<\/p>\n<p class=\"paywall\">Steganographic techniques have been around for millennia, but in recent years cybersecurity researchers have noticed hackers adopting them in malicious attacks, and <a href=\"https:\/\/www.wired.com\/story\/muslimcrypt-steganography\/\">developing new variations<\/a> to make their hacks more successful. These types of attacks are difficult for network defenders to detect, since they often hide malicious data in things like image files that don\u2019t have any set standard to check them against. FontCode could be more difficult to weaponize, since anyone could potentially use machine learning algorithms\u2014like those that generate FontCode tweaks\u2014to check text documents against font standards.<\/p>\n<p class=\"paywall\">\u201cThis technique is likely easily detected by machine learning, so it is not suitable for sending secret messages where there are people on the lookout for secret messages being sent,\u201d says Owen Campbell-Moore, a security researcher who <a href=\"https:\/\/www.wired.com\/2013\/04\/secretbook\/\">created the Chrome extension Secretbook<\/a> to hide messages in Facebook photos. \u201cThis is in contrast to other steganography techniques such as JPEG steganography, in which decades of research has been done in order to make it undetectable even when there are people actively scanning for it.\u201d<\/p>\n<p class=\"paywall\">But FontCode does have the advantage of moving between digital and physical mediums, which could have specific applications in high-stakes espionage. And the researchers note that FontCode messages can be additionally encrypted if the sender and receiver agree on a key for reordering whatever data is embedded in a given text. Plus, the technique\u2019s more mainstream uses wouldn\u2019t be impacted by the potential that a scanner could discover the presence of the data\u2014since it wouldn&#x27;t be a secret in the first place that more information was stored there.<\/p>\n<p class=\"paywall\">\u201cIt&#x27;s exciting to see new techniques for steganography being invented,\u201d Campbell-Moore says. \u201cI think this technique has a lot of appeal.\u201d<\/p>\n<p class=\"related-cne-video-component__dek\">It\u2019s 2017! It\u2019s time to start using an encrypted messaging app. Why? Using end-to-end encryption means that no one can see what you\u2019re sharing back and forth.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/fontcode-invisible-messages-steganography\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5afe1cc38154d3076bfdd582\/master\/pass\/Hidden-Messages.png\"\/><\/p>\n<p><strong>Credit to Author: Lily Hay Newman| Date: Sun, 20 May 2018 11:00:00 +0000<\/strong><\/p>\n<p>Researchers have developed a new technique called FontCode that hides secrets in plain sight.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-12351","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12351"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12351\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}