Audio Steganography : The art of hiding secrets within earshot (part 1 of 2)

What is Steganography?

The word “Steganography”, like many other cool terms, has a Greek origin. It is derived from two Greek words steganos, meaning “covered,” and graphein, meaning “to write”, and refers to the art of enabling covert communication that uses clever methods to hide information in plain sight.

Image source

The earliest recorded use of this word dates back to 440 BC, when Histiaeus; the Persian Chief Miletus; shaved the head of one of his servants and tattooed a secret message the servant’s scalp. The message got covered, when the servant grew his hair back. And Histiaeus sent the man to Aristagoras who shaved the man’s head and read the secret message.

Image Source

And also when Demaratus fooled the Persian spies by covering the engraved wooden tablets with wax to secretly forewarn Greece of the arrival of Xerxes’s naval fleet.

Perhaps one of the more notoriously known examples is of the time of when North Korea captured the crew of USS Pueblo and forced the ship’s crew to pose in propaganda photos to make it look like to they were being treated fairly. The crew actually decided to make hand-gesture in the clicked pictures to covertly protest their captivity.

Image Source

As you would notice, in all of these incidents the “secret” message was covertly placed inside another message or document such that it remained imperceptible to the unintended receiver.

Steganography Vs Cryptography

maymay reference

Note that Steganography is not the same as Encryption / Cryptography. In Steganography we do not aesthetically alter the publicly communicated message, meaning that the intelligibility of the “carrier” message remains intact. This has an important advantage that “public” message doesn’t attract undue attention to itself, and the fact that this message is carrying a “secret” message is not known to eavesdroppers. On the other hand, encrypted messages are masked using well-known algorithms and arouse the curiosity of hackers and/or researchers to try and break the encryption.

(Remember the time in primary school, when you returned your crush’s notebook with a confession written at the back in invisible ink? That was Steganography. Now you know!)

Audio Steganography

While in theory, you can conceal any text, file, image, audio or video within another text, file, image, audio or video; I will only deal with audio domain examples in this article. Audio Steganography is the art of covertly embedding secret messages into digital audio.

What’s the trick behind Audio Steganography?

The key to all of the methods that we will discuss is that we are going to exploit the Human Auditory System. Due to its anatomy, the human ear can pick up the vibrations of a membrane between the frequency range of 20 Hz and 20 kHz. The actual range for a person may vary based on various factors such as age, gender, and health. For example, the upper limit for a middle-aged adult is usually about 12–15 kHz, and it further degrades with age. Also, the hearing range for men degrades quicker than that of women.

One more thing your pet is better at! Image source: Cochela

Hearing range for animals is different from humans. For example, with its big ears, an elephant can hear “infrasounds” (sounds lower than the human range of 20 Hz) such as a heartbeat of 1 or 2 Hz. And similarly, dogs can hear “ultrasounds” (sounds higher than the human limit of 20000 Hz) such as a dog whistle.

So one way to achieve the Audio Steganography would be to use Infrasound and/or Ultrasound range to transmit our “secret” message, which would be accompanied by a “public” audio data being played on the audible frequency range, in order to deceive the unintended receiver. In the coming sections, I will explain this method in more detail.

Case in point

There have been many instances in history when the applications that use Audio Steganography methods have attracted some major news headlines. I will share some examples here to help you understand some of the possible applications that Audio Steganography can have.

  1. Malicious apps on mobile phones can lookout for the inaudible sounds
Source
Source

In 2014, SilverPush, a Gurugram-based Indian advertisement company, was found to be using unscrupulous means to track users across multiple devices. All of the apps that used SilverPush’s SDK, were able to listen to the “audio beacons” through the phone’s mic in order to facilitate a more effective user habit tracking. These beacons were covertly transmitted as ultrasonic sound waves coming from the company’s advertisement running on television or in a web browser running on a computer. These secret triggers were, of course, imperceptible to the device owners.

2. Hidden sounds can trigger the smart home devices

Source

Earlier this year, Amazon announced that it had taken steps to ensure that the Amazon Echo devices in viewers’ home will not get unintentionally activated during the Super Bowl ad for Alexa devices. It is speculated that Amazon made clever use of acoustic frequency range to achieve this.

The point to note here is that the same concept can be extended to inaudible audio waves from seemingly innocuous sources such as television, that may interface with smart home devices unbeknownst to the device owners.

Source

3. A ringtone that only the young people can hear

Source

You might have heard of The Mosquito. It is an electronic device that is used in some countries to deter young people from congregating, mainly outside shops and marts, and hopes to reduce anti-social behavior such as loitering and vandalism. It works on the simple principle that hearing range for humans deteriorates with age. So the ultrasounds that The Mosquito produces, can only be heard by the young people. To cause slight discomfort, these audio waves could also be transmitted at higher sound pressure levels.

Taking advantage of the fact that the cellphones are generally capable of producing and recording ultrasounds, some teenagers recorded the sounds from The Mosquito to their smartphones and began to use it as call ringtone in order to get away with using phones in classrooms. This ringtone is also commercially available now.

The point to take away from this is that if your target audience or the intended receiver of the message is young, you can use near-ultrasound ranges to encode your “secret“ message.

Below is an audio sample to replicate “The Mosquito Ringtone” effect. You can use it to see if you can hear the infamous “Teen Buzz” sound

17.4 kHz for below-23 age group:

21 kHz for below-20 age group:

4. Hidden sounds in movies to play with your emotions

Source

Have you ever wondered why the horror movies feel scarier at your local movie theatre (that is equipped with Dolby Sound), compared to watching the same movie at home? Well, with Audio Steganography the filmmakers can use infrasounds to unnerve the audiences.

Studies have shown that the infrasounds (extreme bass waves) can cause the feeling such as sorrow, unease, fear, panic, depression and physical sensations. A famous paper titled “The Ghost in the Machine” published in the 1990s talked about how a broken metal fan in the lab of Vic Tandy, a British Researcher, caused him to experience a supernatural presence. The sound produced by the fan was measured to be at 18.98 Hz, which is below the human hearing range and is very close to the resonant frequency of the eye (18 Hz) defined by NASA.

If you are interested in knowing more about the acoustic trickery used in cinemas, I recommend watching the below Ted Talk.

5. Silent Subliminal Technology

Some people believe in subliminal audios to be influential to the subconscious mind. It is known that certain frequencies activate particular areas of the human brain. The proponents of subliminal methods advocate listening to useful audios such as self-help recordings as ultrasounds. The basic idea is that even though the audio playback will be completely “silent” to the human ear, but the human subconscious mind can still listen to these audio and take advantage of the positive influence of the audio content. Usually, these subliminals are mixed some other audible acoustics so that the listener doesn’t feel bored with the “silence” of subliminals. Also, at present, there is no clear evidence that proves the effectiveness of the subliminal technology.

So, How about a quick hearing range test?

“Experiments have shown that a healthy young person hears all sound frequencies from approximately 20 to 20,000 hertz.”

- Cutnell, John D. and Kenneth W. Johnson. Physics. 4th ed. New York: Wiley, 1998: 466.

As explained earlier, a person’s hearing range deteriorates based on various factors such as age, gender, and health. You can use the following audio files to test your current hearing range.

NOTE: I have made sure to keep the “loudness” of these audio files to be much lower than the limit that might be remotely damaging to the human ear, and each frequency is within the human audible range. But I still recommend not using earphones to listen to these audios for a long duration.

Lower Bound Test:

Upper Bound Test:

(Maybe leave a comment below with your age, gender and hearing range?)

By now you should have a good understanding of the Audio Steganography concept. In the next installment of this two-part writing, I will describe some of the methods to achieve the magic of Audio Steganography along with the hands-on examples with accompanying code/tools.

Thank you for reading this article. Feel free to leave your comments/questions /feedback in the comments section below. And I will see you in the next one!

--

--

--

Research Scientist II at Alexa AI, Amazon USA. Checkout my blog: https://blog.reachsumit.com/

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

BITONE Mainnet Launching Promotion

CryptoDiffer AMA With Ocean Protocol Co-Founder Bruce Pon, November 2020

Top 5 Security Precaution You Should Take While Working Remotely

iBG Finance

$SURE USE CASE

Creating a CTF type environment

On Getting a Ransom Message

Data Privacy & Security in Healthcare

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sumit Kumar Arora

Sumit Kumar Arora

Research Scientist II at Alexa AI, Amazon USA. Checkout my blog: https://blog.reachsumit.com/

More from Medium

Lamborghini Next-Generation Hybrid Super Sport

Rethinking and Expanding the Talent Pipeline (Second Chance Month)

I have been thinking about what it means to be a designer today.

5 reasons why you need to learn Korean. (it’s not just Kpop and Kdramas!)