Published: 30th June 2020
Stegcloak anyone? These SSN students' crypto software lets you send secret messages in text messages
Developed by CSE students from SSN College of Engineering, Stegcloak lets you send seemingly normal messages on any app but conceals secret information
Remember those movies where the spy had to decode messages from a source to get to the next destination? Information was sacred in those films and in the wrong hands, it could have had disastrous consequences. But did you ever fancy yourself in that world, solving codes and uncovering information? If you did, then you'll definitely be intrigued by Stegcloak. Named after the Invisibility Cloak from Harry Potter, Stegcloak is a software developed by three Computer Science Engineering students from SSN College of Engineering in Chennai, that conceals information within a text message which can be sent to anyone, anywhere.
So, how does it work? "If you want to send some sensitive information via text that you don't want disclosed, you can do with Stegcloak. Just type the actual message you want to send, protect it with a password and then enter the message you want everyone to see," explains Mohanasundar M (20), who developed this with his classmates Jyotishmathi CV (20) and Kandavel A (21). Mohanasundar elaborates, "Suppose you want to send a phone number. You can type it in the software and then protect it with a password that will be known to you and the person you are sending it to. Then you need to type the message that everyone will see. The sender has to copy this fake message, paste it on any app they're using and then send. The receiver will have to then use the software, paste the fake message, type the password and reveal the phone number." They have used a technique called steganography, where one file, text, video or image can be concealed or stored within another.
Explaining the technique they used, Jyotishmathi says, "We have used zero-width characters that are completely invisible to the eye. When you look at the message, you won't even realise that there is something additional present there. The user will provide the displayed message, password and the secret message as well and based on the password, the software will encrypt the message and make it invisible using the zero-width characters. Only the people who know the password can access the actual message." The trio had to surpass some challenges in the form of characters blocked by Twitter and Gmail. "We discovered characters that can never be blocked, which are used in emojis and while typing other languages like Chinese, Urdu or Hindi. Two or three syllables have to be joined to form words in these languages and two or three emojis give way to a new emoji. We found six such characters that can't be blacklisted by any social media or app because they have to let people use emojis." Even if one someone knows that a message has been concealed, they won't be able to see what it is due to the dual protection it offers, adds Mohanasundar.
Speaking about the applications of this software, Kandavel says, "This can be used to watermark a writer's credentials in the text they have published online, to enhance their copyright claims. If a writer has embedded their credentials through Stegcloak and if someone copies and pastes this text on their own blog or website, it can be easily revealed." The trio have open-sourced the code online and enabled anyone to use it in their apps for digital imprinting or watermarking. "It can also be used to identify the source of a particular fake news. If WhatsApp uses this code and encrypts the user's phone number in the text they send, they can trace it back to them and prevent fake news from spreading," explains Kandavel. The students' efforts have been recognised by David Walsh of Mozilla and they were asked to contribute to the company blog as guests. The software is also currently topping the Github charts in the steganography tools category.