THE peculiar list of search options that Google suggests as you type in a query could be hijacked to let people communicate secretly.

So says Wojciech Mazurczyk at the Warsaw University of Technology in Poland, who specialises in steganography – the art of hiding messages in plain sight.

Mazurczyk and his team dream up new ways in which spies or terrorists might try to communicate undetected, allowing security agencies to develop ways of eavesdropping on them. To avoid arousing suspicion, the method used must be as commonplace as possible, and what could be more ordinary than seeing someone googling in a cyber cafe? It wouldn’t warrant a second glance, Mazurczyk told a security conference in Prague, Czech Republic, last month.

So the team turned to Google Suggest to see if it could hide messages. Google Suggest works by listing up to 10 suggestions each time a letter is added to a search term, based on the most popular searches made by other Google users that begin with the same letters. The words offered change as each new letter is added.


Some of the options that appear as your search term takes shape can often seem quite strange: “runescape”, “rotten tomatoes” and “rock and chips” for “r”, “ro” and “roc” in “rocket”, for instance. This is the key to how Mazurczyk’s team adds its own search suggestions to the list to encode secret messages.

To do this, the team, including Mazurczyk’s colleagues Krzysztof Szczypiorski and Piotr Bialczak, infects a target computer with malware called StegSuggest. This intercepts the Google Suggest lists exchanged between Google and the infected computer, and adds a different word to the end of each of the 10 suggestions in the list on that particular machine. The added words are chosen from the 4000 most used words in English to make sure they do not appear too outlandish.

The receiver types in a random search term and notes down the additional word in each suggestion. These 10 extra words are then looked up in a “codebook” shared by receiver and sender that contains all 4000 words, which gives each word a 10-bit binary number. The numbers are linked together into a chain which is converted into text using a separate program on the receiver’s home PC, revealing the hidden message.

However, Ross Anderson, a cryptography and security specialist at the University of Cambridge, thinks there is enough traffic between sender and receiver to alert authorities that something suspicious is afoot – thereby undermining the process.