Israel has deployed a mass facial recognition program in the Gaza Strip, creating a database of Palestinians without their knowledge or consent, The New York Times reports. The program, which was created after the October 7th attacks, uses technology from Google Photos as well as a custom tool built by the Tel Aviv-based company Corsight to identify people affiliated with Hamas.
Are you implying you can’t use steganography techniques on real objects and images? You act like I stated it would be easy.
OK, so who’ll decode your “virus” from those real objects? Or it’s a case of “I’m a poor Nigerian virus, please kindly run me with root privileges on a system with such and such”?
EDIT: I mean, steganography is too a word a person should know the meaning of before using.
Just because you said this wouldn’t work like SQL Injection, does not mean it won’t. You don’t know either. Have you worked on facial recognition databases? How do they store their data? Its most likely just a database. Then I would start by looking at steganography techniques to see how those can be applied. Obviously I’m not hiding an executable in there, but I don’t see why you couldn’t try for unsanitized input, you never know. Now if you want to continue into realism, you would just wear a full face mask outside. You also never answered my question about steganography.
Your question doesn’t make any fucking sense in the context of attacking anything, steganography is encoding your message inside redundant encoding for something else.
So, about that word.
A “virus in an image” situation is for cases when a program which will open that image has some vulnerability the attacker knows about, so the image is formed specifically to execute some shellcode in this situation.
Same with “a virus in an MP3”, some MP3 decoder has a known vulnerability allowing a shellcode.
Same with PDFs and anything else.
There are more high-level situations where programs with their own complex formats (say, DOCX which is a ZIP archive with some crap inside) execute stuff.
All this is not steganography.
Steganography is when, a dumb example, you have an image and you hide your message in lower bits of pixel color values. Or something like that with an MP3 file.
Obviously I’m not hiding an executable in there, but I don’t see why you couldn’t try for unsanitized input, you never know.
Attacks are a matter of probabilities, and “you never know” doesn’t suffice.
