Decrypted secrets: methods and maxims of cryptology
Decrypted secrets: methods and maxims of cryptology
StegFS: A Steganographic File System for Linux
IH '99 Proceedings of the Third International Workshop on Information Hiding
Wading into alternate data streams
Communications of the ACM - Human-computer etiquette
Cyber warfare: steganography vs. steganalysis
Communications of the ACM - Voting systems
One big file is not enough: a critical evaluation of the dominant free-space sanitization technique
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
Data hiding in the NTFS file system
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Reversible data embedding using a difference expansion
IEEE Transactions on Circuits and Systems for Video Technology
IEEE Transactions on Circuits and Systems for Video Technology
| Hi-index | 0.00 |
In this paper, we present DupeFile, a simple yet critical security vulnerability in numerous file systems. By exploiting DupeFile, adversary can store two or more files with the same name/path, with different contents, inside the same volume. Consequently, data-exfiltration exploiting DupeFile vulnerability, hereafter called DupeFile Hiding, becomes simple and easy to execute. In DupeFile Hiding, a known good file is chosen, whose name serves as the cover for hiding the malicious file. Hence we classify DupeFile Hiding as a steganography technique. This vulnerability can also be exploited for legitimate applications - hiding product licence, DRM, etc. DupeFile was first uncovered on a FAT12-formatted disk on Win-98 VM. Nonetheless, the vulnerability exists in numerous file systems, including NTFS, HFS+, and HFS+ Journaled. We have developed two tools: DupeFile Detector and DupeFile Extractor for detecting and recovering hidden files respectively. We have also developed DupeFile Creator for hiding files in legitimate applications.