Pitfalls of Steganography
There are many drawbacks to using steg files to communicate covertly.
First, easy to use, easy to find freeware is also easy to detect. Many programs, like F5, leave telltale signs of being an altered file like a signature in the code. Good steg programs (ie the ones you pay for) will make headers and footers match the file, and conceal the changes made to the file.
Second, some steganography software may also degrade the quality of the file, especially audio and video files. This isn’t as common with static digital images, because it is easy to insert a payload into this type of channel.
Third, as the FBI’s Overview of Steganography for Computer Forensics Examiners points out, steganography hides the covert message but not the fact that two parties are communicating with each other. If two parties wanted to convey a message covertly, they still must devise an innocuous excuse for their need to communicate, which may not be enough to exclude their communication from being identified as candidates for steg. Thus steganography may not be suitable for groups requiring totally anonymous communication, like terrorists.
Finally, this highlights a fundamental problem of steganography; the problem of hiding in plain sight. Steganography derives its security from obscurity. Meaning payloads are hidden among millions of other innocuous looking digital pictures online. It is unlikely that an adversary would stumble onto the exact location of a steg file and also recognize it as something other than what it appears to be. It is the equivalent of hiding a blade of grass in Nebraska or a piece of paper in the Library of Congress. The likelihood of someone finding it and recognizing it as unusual is nil. However, if an adversary knew where to look, or that files uploaded by a certain username were suspect, then steganography would lose much of its security.