Pixelation, a method of blurring letters, may not be as safe as originally believed. While opaque black stripes are the most reliable technique of obscuring critical textual data, alternative redaction techniques such as pixelation can achieve the opposite effect, allowing pixelized text to be reversed back into its original form.
Dan Petro, a principal researcher with offensive security firm Bishop Fox, revealed how to rebuild text from pixelated photos using a new open-source tool called Unredacter, thus revealing almost every information that was supposed to be hidden. The tool is also said to be an upgrade over Depix, an existing utility that recovers text by checking up what permutations of pixels may have resulted in given pixelated blocks.
The threat concept is based on the premise that, given a piece of text comprising both redacted and unredacted material, the attacker may guess the hidden data based on the font size and type learned from the cleartext. Similar methods for recovering censored information from pixelated content have been proposed several times before. Positive Security researchers published a method for reversing pixelation in videos in January 2022.
“When redacting information in videos, content creators and journalists should be aware of the added risks and utilize a sufficiently large mosaic size/blur radius, or better yet, employ an opaque, single-colored box,” researcher Fabian Braunlein said.
Petro agrees. “The bottom line is that when redacting text, employ black bars that encompass the entire text. Never, ever, ever use anything else. No pixelation, no blurring, no fuzzing, no swirling.” “The last thing you need after creating a fantastic technical document is for an unsafe redaction technique to mistakenly reveal important information,” Petro added.