A security researcher has warned that text in a document should only ever be redacted using black bars and photo editing software, and that using any other method could result in data being leaked.
Dan Petro, lead researcher at Bishop Fox, also warned that users should editing the text as an image instead of modifying a Word document to have a black background with black text, which can still be read.
Any other methods, including pixelating or blurring the letters, should also be avoided.
Petro raised the issue as part of a challenge by cyber security firm Jumpsec, which tasked the community to to un-redact a pixelated image.
Jumpsec had been investigating how effective a tool called Depix was at recovering censored text to a readable format. As part of that investigation, the researchers opened up a challenge to the wider community to see whether other researchers could de-obfuscate an image using their own tools or through Depix.
Explaining how pixelation usually works, Petro said that tools normally divide an image into a grid of a given block size. For each block, the tool will then set the redacted image's colour equal to the average colour of the original, in an attempt to "smear" the information of the image. However, while some information is lost in the process, it leaks plenty through, warned Petro.
This algorithm is also widely standardised, so the same result is created regardless of whether GiMP, Photoshop, or most other tools are used, he added.
To solve the challenge, Petro enlisted a tool he developed called Unredacter, which takes redacted pixelated text and reverses it back into its original form. To use it, he had to first convert the image to grayscale, as it appeared to contain some coloured letters. His tool renders the letters to a headless Chrome window, meaning no colourised artefacts appear.
Petro also had to lighten part of the image to help his tool process it. He was then able to find the correct font and size of the text, which was made easier due to the file being from MS Notepad - the app uses the default font of Consolas. Following trial and error, he found the font was 24px.
The top three IT pains of the new reality and how to solve them
Driving more resiliency with unified operations and service management
The Unredacter program was ultimately able to successfully deduce what the obfuscated text said, although he was asked to hide the solution until the challenge ended.
“The last thing you need after making a great technical document is to accidentally leak sensitive information because of an insecure redaction technique,” wrote Petro.
Documents leaked by the British Ministry of Defence 2011 famously used inadequate obfuscation to hide sensitive government information. A 22-page internal report on Parliament’s website contained blacked-out passages that when copied into a new document, could still be read. Instead of redacting the classified words, the background was simply changed to the same colours as the letters.
More recently, in 2019, lawyers for Paul Manafort, president Donald Trump's former campaign chairman, filed a response to special counsel Robert Mueller team's allegation that Manfort had lied to prosecutors. A sensitive passage was redacted on page 5 which, by copying and pasting it into a different document, was possible to read. It revealed new details about Manafot's relationship with Konstantin Kilimnik, a former associate with links to Russia.
