Inspiration
According to the NSA, there are around 300 million hacking attempts made everyday! And recently, in July 2020, a teen hacked twitter involving $100,000 worth of bitcoin! From these statistics, it seems like it is no longer safe to communicate over the internet. However, Spymail can solve this problem!
While encrypted emails exist, your information is still at the risk of getting hacked. However, with Spymail, we are adding both technical and psychological encryptions to ensure the maximal security.
As a result, we wanted to create a program that brought a second level of security -- ensuring the enemy won’t even know encrypted messages are being sent in the first place. By storing them inside a spam email’s logo, the information being sent over would not be detected unless the enemy was aware of the system in use.
What it does
If a user wants to send “important information”, they will type their message or upload their files just like a normal file. However, when they press the send button. Their message will be encrypted inside the image of a spam email’s company logo because almost no one will think there’s “important information” inside a company’s logo.
The message will be encrypted inside the image’s logo by using the RGB values of the logo. For example, if the logo is black, the RGB value for (0, 0, 0) can represent “0000” and the RGB value for (0,0,1) can represent “0001”, etc (up to 15, or 1111). Making the RGB value of certain pixels to RGB(1, 0, 0) will not make a difference on the eyes. Therefore, if we combine some pixels together, we can actually convert it into a byte, which can be used to store data. The user receiving the image logo can also decrypt the message by converting the image into bytes.
In addition to sending spam emails with information, SpyMail also has the option to send regular spam emails that contain no secret information on a timer with the secret information mixed in at some point in time. For example, the user could send 100 spam emails over the course of 24 hours and set the 44th email sent to contain the secret information.
How I built it
For sending the spam email, we used JavaMail. In order to send emails, we must use a valid email with a valid password, and then pass it into PasswordAuthentication. We also set the host to smtp.gmail.com because we are using Gmail for our tests.
To make the spam emails, we decided to use HTML with CSS because that is the easiest way to make a good-looking spam email that can also easily be combined with Java. We created the HTML spam email templates using Postcards and later downloaded it as a zip file with the HTML code.
After getting the HTML code, we converted it into a Java string. This allows us to pass HTML as a parameter into the Mime-type data in Java, which can be used to send HTML emails. However, the images were all in local storages, so in order to make it appear in the email, we had to individually add each image as a body part. After that, we sent the content using Transport.
The methods to write and read from the logo files mainly incorporated the Image and PixelReader classes from the JavaLibrary to read and write to pixels in the image. The information for what the logo is, how many emails to send, and how to read the logo images is highly customizable and can be read in from data files if the default value is not wanted. In the logo images, pixels whose rgb color differ too much from the color to replace with the byte data are not changed and simply skipped over.
Challenges I ran into
One challenge I ran into while building the email part was that the images would not load in the email because they were not publicly available. Initially, I thought I had to make each image publicly available, which would have been impossible because each encoded data will become public. However, after researching more about the Mime data type, I realized there’s a specific way to make it render in the email.
Additionally, when reading/writing to the images pixel data, the rgba system for the Java Color class and the most common way to represent RGB as an integer differed, causing the program to fail without warning. After debugging with various print statements and my IDE’s debugger, I caught this and implemented a new way to store RGB values and made it universal for the program.
Accomplishments that I'm proud of
Before the hackathon, I had no experience of using JavaMail and sending HTML emails. However, I am proud that I was able to make it work and overcome my imposter syndrome!
What I learned
Initially, I didn’t know how email messages were so pretty because I only know how to send text emails. However, after some googling, I realized you can send HTML emails. In addition, I also learned a lot about JavaMail and sending HTML emails.
What's next for Spymail
One improvement we can make with the spam mail is to make the random data around the email to be more realistic. This includes updating the random data as time goes on with working links. Since both users know the secret, it will not appear as phishing emails.
Additionally, due to time constraints there are some possible ways for the user to crash the program by entering invalid data at specific times. While the program does test each file path to make sure it’s legitimate, changing the files as emails are being sent can potentially lead to a problem. This is an easy fix, but it just takes some time.
One last improvement we thought about is allowing the program to also read the emails sent to a user, reading and decoding each logo on every spam email, shortening the time it takes to uncover data.
Log in or sign up for Devpost to join the conversation.