FEEDsteg

FEEDsteg is a class of steganographic techniques that hide secret data within RSS or Atom feeds. The term combines feed, referring to syndication feeds, with steganography, the practice of concealing information within innocuous media. In FEEDsteg, a sender encodes a payload into the textual or structural parts of a feed, while the feed remains syntactically valid and looks normal to feed readers.

Common methods include encoding data in optional or user-visible fields such as item titles, descriptions, categories, or author fields by using padding or subtle substitutions; using the publication date, GUID, or link elements to carry information; placing data in the enclosure element or in query parameters of links; and manipulating item ordering or whitespace to represent bit sequences. More advanced approaches exploit hidden HTML in feed content or encoded data in metadata that is ignored by standard readers.

FEEDsteg techniques are primarily discussed in information security research as covert channels for data exfiltration or covert command-and-control experiments. They raise privacy and security concerns because they enable hidden channels that can bypass conventional monitoring.

Detection and mitigation rely on content analysis and anomaly detection: monitoring for unusual entropy or patterns in fields that should be regular, cross-feed consistency checks, and detectors that scan for suspicious encoding in titles, descriptions, dates, and links.
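
The field-level detectors described above, as an added Python example that is not part of the original page: it scans an RSS 2.0 document for invisible characters and irregular whitespace in text fields and for high-entropy query values in links. The sample feed, the thresholds and the function names are constructed for illustration.

```python
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample feed (not from a real site). The second item has a
# zero-width space and trailing blanks in its title and an opaque query value.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Example</title>
<item><title>Weekly release notes</title>
<link>https://example.com/posts/1?utm_source=rss</link></item>
<item><title>Patch\u200b notes  </title>
<link>https://example.com/posts/2?ref=q1ZKc0xPzSpNLUpVslIyNDJWqgUAX8sF9w</link></item>
</channel></rss>"""

INVISIBLE = re.compile("[\u200b-\u200f\u2060\ufeff]")  # zero-width and BOM characters
TEXT_FIELDS = ("title", "description", "category", "author")

def shannon_entropy(s):
    """Bits per character of s, from its own character frequencies."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_feed(xml_text, min_len=20, min_entropy=4.0):
    """Return (item_index, field, reason) findings for an RSS 2.0 document.

    min_len and min_entropy are assumed starting thresholds; tune per feed.
    """
    findings = []
    # Stdlib parser keeps the demo self-contained; use a hardened XML parser
    # for feeds fetched from untrusted sources.
    root = ET.fromstring(xml_text)
    for idx, item in enumerate(root.iter("item")):
        for field in TEXT_FIELDS:
            for el in item.findall(field):
                text = el.text or ""
                if INVISIBLE.search(text):
                    findings.append((idx, field, "invisible-character"))
                if text != text.strip() or "  " in text:
                    findings.append((idx, field, "irregular-whitespace"))
        link = (item.findtext("link") or "").strip()
        for name, value in parse_qsl(urlsplit(link).query):
            if len(value) >= min_len and shannon_entropy(value) >= min_entropy:
                findings.append((idx, "link?" + name, "high-entropy-value"))
    return findings

if __name__ == "__main__":
    for finding in scan_feed(SAMPLE_FEED):
        print(finding)
```

These checks are heuristics: legitimate tracking tokens and loosely formatted descriptions will also match, so findings are best compared against a per-feed baseline.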

See also: steganography, RSS, Atom, covert channels.