- Researcher finds a way to add invisible text to emojier
- It probably can’t be used for malware… probably
- It could be used for water marking or bypassing human moderation
A security researcher claims to have discovered a way to hide extra information inside emoji.
Paul Butler explained how he experimented with Unicode and came up with a method that utilizes variation voters (special characters designed to change the appearance of the text but have no visible effect on most characters). By linking voters together, he was able to code invisible messages inside an emoji (or any other Unicode character).
Here’s how it works: Unicode assigns variation selector (U+FE00 – U+FE0F and U+E0100 – U+E01EF) to certain characters, usually to adjust stylistic presentation. However, these voters can be used to store a byte of data each. Since a sequence of these voters has been preserved even when copy-inserting text, a person could integrate a secret message inside an emoji without changing its visible appearance.
Smuggling of data
It seems that the method cannot be used to smuggle malware or malicious code, an application expansion or something kind. However, it can be used to bypass human moderation or watermark sensitive documents. With these invisible watermarks, a writer could be able to trace their work that is copied and inserted on the entire Internet, for example.
In the discussion of potential defensive measures, Butler said AI could be of use. While some AI models, such as Openais GPT and Google’s Gemini, retain variation voters, they do not naturally try to decode hidden messages.
However, when paired with coders, AI systems have successfully extracted secret messages within seconds. This suggests that automated detection tools could be developed to counteract potential abuse.
All in consideration, this could be seen as an interesting underlying Unicode. At this point, it is very unlikely that someone could develop a malicious use for it.
