Title: Steganographic information hiding that exploits a novel file system vulnerability
Authors: Avinash Srinivasan; Satish Kolli; Jie Wu
Addresses: Volgenau School of Engineering, George Mason University, Fairfax, VA 22030, USA ' Volgenau School of Engineering, George Mason University, Fairfax, VA 22030, USA ' Computer and Information Sciences Department, Temple University, Philadelphia, PA 19122, USA
Abstract: In this paper, we present DupeFile, a simple yet critical security vulnerability in numerous file systems. By exploiting DupeFile, adversary can store two or more files with the same name/path, with different contents, inside the same volume. Consequently, data-exfiltration exploiting DupeFile vulnerability, hereafter called DupeFile Hiding, becomes simple and easy to execute. In DupeFile Hiding, a known good file is chosen, whose name serves as the cover for hiding the malicious file. Hence we classify DupeFile Hiding as a steganography technique. This vulnerability can also be exploited for legitimate applications - hiding product licence, DRM, etc. DupeFile was first uncovered on a FAT12-formatted disk on Win-98 VM. Nonetheless, the vulnerability exists in numerous file systems, including NTFS, HFS+, and HFS+ Journaled. We have developed two tools: DupeFile Detector and DupeFile Extractor for detecting and recovering hidden files respectively. We have also developed DupeFile Creator for hiding files in legitimate applications.
Keywords: data hiding; file systems; integrity; security; steganography; information hiding; file system vulnerability.
International Journal of Security and Networks, 2013 Vol.8 No.2, pp.82 - 93
Received: 14 Aug 2012
Accepted: 02 Feb 2013
Published online: 18 Aug 2013 *