Saturday, June 18, 2011

Google autocomplete could be spy source for hidden messages

By Suzanne Choney

It's being suggested that Google's "Suggest," also known as autocomplete, could be used to let spies send hidden messages.a

Wojciech Mazurczyk, of the Warsaw University of Technology in Poland, and a specialist in steganography — the art of hiding one message within another — believes that spies or terrorists could use the Google search feature to sneak communiques to one another.a

Mazurczyk and his team of researchers tested it out. Most of us know how autocomplete works. Type in a few letters, and Google offers up some suggested words or phrases that might be the ones you want, using an algorithm that predicts and displays search queries based on other users' searches.a

For example, I started to type in the word "test," as shown in the photo above. By the time I got to "tes," Google offered up the results shown, including "testosterone" and "test Internet speed." Google autocomplete can offer up to 10 suggested search phrases.a

Mazurczyk's team infected a "target computer" with malware known as StegSuggest, according to New Scientist. The malware intercepts the autocomplete lists "exchanged between Google and the infected computer, and adds a different word to the end of each of the 10 suggestions in the list on that particular machine. The added words are chosen from the 4,000 most used words in English to make sure they do not appear too outlandish."a

Then, the receiver of the message "types in a random search term and notes down the additional word in each suggestion."a

Those 10 extra words are looked up in a "codebook" that is shared by the receiver and sender, with each of the 4,000 words having a 10-bit binary number. "The numbers are linked together into a chain which is converted into text using a separate program on the receiver's home PC, revealing the hidden message."a

Mazurczyk shared the findings at a recent security conference in Prague. Not everyone agrees with them, though, in terms of invincibility. Ross Anderson, a cryptography/security specialist at the University of Cambridge, said in the New Scientist piece that he thinks law enforcement would pick up the scent because of the amount of traffic between sender and receiver.a

— Via The Next Weba

Related stories:a

Google image search can't tell Obama from Bush You 'autocomplete' me wrong: Irish hotel sues Google Next for Google Docs: offline support, better presentations

Check out Technolog, Gadgetbox, Digital Life and In-Game on Facebook, and on Twitter, follow Suzanne Choney.a

Artikel yang Berkaitan

0 komentar:

Post a Comment