A Guide to Hiding Messages in Images Using Steganography

Humans have a long history of attempting to hide things in plain sight. Many illusionists base their magic tricks on that approach. Successful concealment of information was also crucial for the spies that played defining roles in transporting and distributing information during wartime. 

There are other applications more relevant to everyday people. For example, hiding messages in images for fun is possible with steganography.    

What Is Steganography?

Steganography is the practice of hiding secret information inside something everyone can see. Only a person with the right knowledge and tools can extract the disguised information from what seems like an ordinary picture or document. 

The earliest uses of steganography did not necessarily involve documents. Sometimes, people served as carriers. In about 440 B.C., a Green ruler named Histaeus tattooed a message onto the shaved scalp of a slave, then waited for the regrown hair to cover it. 

There’s also a field called digital steganography. It applies the technique to electronic files — like images or music clips — rather than something physical. We’ll focus on digital steganography here. 

A picture carrying hidden data is a stego image. The decoder you need to extract the message is a stego key. However, as you’ll see in a later section, many steganography apps used today allow hiding and revealing notes in images. 

The Two Main Types of Steganography Techniques 

There are two groups of steganography techniques associated with hiding messages in images. Each group has interchangeable terms:

Image domain or spatial domain: The practice of embedding messages directly into the intensity of an image’s pixels.

Transform domain or frequency domain: Inserting the message into images by changing the picture first so it’s suitable to conceal the content. 

These techniques work with black and white, grayscale or red-green-blue (color) images. 

Tools for Trying Image Steganography

People who are curious about trying image steganography will find there are plenty of options to discover. If you have a coding background and know Python, there’s a detailed process for hiding and revealing the messages. Here’s a rundown of some of the other less-involved options:

Computer Software

• Steghide: Supports JPG and BMP images — plus WAV files if you want to hide messages in sound clips
• PicStealth: Offers message concealment in images for Windows runtime apps
• OpenStego: Hides data in pictures and allows users to watermark them with an invisible digital signature to prevent unauthorized usage of copyrighted material

Chrome Extensions

• Hide Text in Image: Insert or view text in an image with just a few clicks. This tool also works offline. 
• PassLok Image Steganography: Create your message to hide by typing it into a familiar text editor interface, then upload the desired image.

The Good and Bad Side of Image Steganography

As you might imagine, people can use image steganography for innocent and fun reasons, as well as sinister ones. An example of an activity falling into the first category was using a now-defunct app called Secretbook. It let people hide tweet-length messages in Facebook photos. That approach could be an excellent way to surprise someone for their birthday or for friends to share a joke or happy memory associated with a picture. 

Cybersecurity researchers have also noticed a rise in online crime linked to steganography. One tactic discovered last year involved hiding a credit card skimmer inside a free shipping banner on an e-commerce site. It looks like a graphic any online seller might use to boost their conversions, but the picture hides a malicious code that steals credit card details. 

Another unsetting tactic revealed by cyber experts is called stegware. Online criminals use techniques based on steganography to spread malware through images or other files that seem harmless. Researchers found evidence of embedding malware into .png files, as well as bitmap images. 

There’s also the case of Xiaoqing Zheng, a former General Electric engineer. He hid proprietary data about turbine engines in a sunset photo. That approach allowed him to move the information off-site without the internal email monitoring system flagging it. His actions led to economic espionage charges.

Worth Checking Out, but With Caution

After reading this overview, it’s understandable that you may want to experiment with hiding messages in images. Readily available tools make it easy to get started.

However, if your motives concern getting back at someone or any other action people may interpret as purposefully harmful, strongly reconsider your plans to avoid undesirable consequences.