Abstract:In this paper, we present DupeFile, a simple yet critical security vulnerability in numerous file systems. By exploiting DupeFile, adversary can store two or more files with the same name/path, with different contents, inside the same volume. Consequently, data-exfiltration exploiting DupeFile vulnerability, hereafter called DupeFile Hiding, becomes simple and easy to execute. In DupeFile Hiding, a known good file is chosen, whose name serves as the cover for hiding the malicious file. Hence we classify DupeFile Hiding as a steganography technique. This vulnerability can also be exploited for legitimate applications-hiding product license, DRM, etc. DupeFile was first uncovered on a FAT12-formatted disk on Win-98 VM. Nonetheless, the vulnerability exists in numerous file systems, including NTFS, HFS+, and HFS+ Journaled. We have developed two tools: DupeFile Detector and DupeFile Extractor for detecting and recovering hidden files respectively. We have also developed DupeFile Creator for hiding files in legitimate applications.Keywords: data hiding; file systems; integrity; security; steganography; vulnerability.Reference to this paper should be made as follows: Srinivasan, A., Kolli, S. and Wu, J. (2013) 'Steganographic information hiding that exploits a novel file system vulnerability', Int.