Branden Palacio (Marquette University), Keyang Yu (Marquette University)

The widespread availability and routine use of social media platforms have created new opportunities for covert communication over channels that are often permitted within organizational networks. This work presents SocialStego, a proof-of-concept system that demonstrates how limited social media security policies can be exploited by an insider to exfiltrate sensitive information without violating nominal access controls. Adopting an insider-threat perspective, SocialStego combines Least Significant Bit (LSB) steganography with a hybrid cryptographic scheme to protect the confidentiality of embedded payloads. Specifically, AES-256 is used for payload encryption, while RSA- 2048 supports secure key exchange. A custom encoding protocol is implemented to embed encrypted data into lossless PNG image files and WAV audio files. Encoded carrier files are transmitted using existing social media and messaging infrastructure that preserves lossless media formats. The system examines the trade-offs between embedding capacity and perceptual distortion, showing that WAV carriers support higher payload capacity under the proposed design due to their variable duration, while increasing the LSB bit depth introduces more noticeable and potentially detectable noise artifacts in the carrier. Collectively, these findings demonstrate the feasibility and associated risks of covert data exfiltration via commonly accessible social media channels and highlight the need for organizations to account for such mechanisms when developing security policies and controls.

View More Papers

Scalable Off-Chain Auctions

Mohsen Minaei (Visa Research), Ranjit Kumaresan (Visa Research), Andrew Beams (Visa Research), Pedro Moreno-Sanchez (IMDEA Software Institute, MPI-SP), Yibin Yang (Georgia Institute of Technology), Srinivasan Raghuraman (Visa Research and MIT), Panagiotis Chatzigiannis (Visa Research), Mahdi Zamani (Visa Research), Duc V. Le (Visa Research)

Read More

There is No War in Ba Sing Se: A...

Friedemann Lipphardt (MPI-INF), Moonis Ali (MPI-INF), Martin Banzer (MPI-INF), Anja Feldmann (MPI-INF), Devashish Gosain (IIT Bombay)

Read More

The Things That Count: Coverage Evaluation Under the Microscope...

Tobias Holl (Ruhr University Bochum), Leon Weiß (Ruhr University Bochum), Kevin Borgolte (Ruhr University Bochum)

Read More