Skip to content
Naked Security Naked Security

Pizza Hut steganography – hostage embeds hidden message in pizza order

How do you call 911 while doing nothing more suspicious than placing your regular pizza order?

Yesterday, we wrote about an upside to facial recognition.

That’s usually a technology we treat with some scepticism and caution because of its negative privacy implications.

But students at a UK university claim to be looking for a way to build facial recognition into a “digital cane” for blind people that can help them spot when friends are near.

→ Spotting people you want to avoid might be a neater use case. If you’re blind, you presumably just advise your your friends to say something out loud when they see you, so you can recognise their voices – it’s the quiet ones you want to look out for.

Similarly, when we write about on-line tracking and geolocation, we’re often taking a somewhat adversarial point of view, advising you to watch out for revealing to everyone (including crooks!) where you are from moment to moment.

But, like most things, from nuclear fission to secret messaging, the technology is usually neutral; it’s how you use it that counts.

There are exceptions, of course – live cookery competitions on TV spring to mind as an example of technology with an upside that has yet to be found – but here’s another “it ended well” story to brighten your day.

It seems that a woman in Florida, USA, got into a fairly distressing domestic argument with her boyfriend that ended up with him waving around a knife and making sure she didn’t get away to raise the alarm.

Apparently, he insisted on going with her to collect the kids from school, took away her mobile phone, and made sure the whole family got back to the house without raising the alarm, thus returning the victims to a state of imprisonment.

What to do?

The victim played it cool, eventually persuading her boyfriend to let her order pizza, which gave her access to the mobile phone for a short while.

As a regular customer, she now faced quite a dilemma.

She could have ordered something so unusual, or added some toppings that the pizza place knew she didn’t like, let lone never ordered, as a sort of distress signal.

But that might have been too subtle for a steganographic (hidden) message, and thus might have gone unnoticed.

At the same time, a “duress” order would probably have aroused her boyfriend’s attention, if not at the time of placing the order, then at least on delivery.

“WHAT’S THIS EGGPLANT DOING ON MY PIZZA?” (Good question, actually. Eggplant shouldn’t be allowed on pizza.)

But it seems that the pizza parlour’s ordering system included a special field for customer comments, presumably to deal with special requests such as “easy on the mustard” or “double super-hot chilli sauce, please, and I promise not to complain.”

So she simply ordered her regular, a Large Hand Tossed Classic with Pepperoni and Garlic.

With a special message of Please help. Get 911 to me that Pizza Hut duly noticed and acted upon.

Good thinking, because now everyone’s expecting a knock at the door, but the victim has a secret hope that it’ll be a pizza-plus-police delivery.

Which it was.

Law enforcement quickly got her and one of the children to safety, and subsequently coaxed the boyfriend out without incident some 20 minutes later.

Chalk one up for steganography, the art of secret messages delivered in plain sight.


Because the message was in plain text, I’m having trouble seeing how this is steganography.


It’s a loose interpretation of the word, but I think it’s valid. SGY is putting a message in plain sight where people not “in the know” can’t recognize it. Since it went through her phone, it was probably hidden from view of the guy.

So, I think it’s OK. Personally, though, I would have highlighted the non-standard use of the word; that could help readers get encouraged by the story, and at the same time learn something about steganography itself.


The “hidden message” is obvious to the Pizza Hut people but she was able to send it unencrypted, hidden in the middle of her pizza transaction, unnoticedby the eavesdropper at her end (her boyfriend).

So it’s admittedly a _very_ faint stretch of the word “steganography” in this case, but I’m OK with it. (Of course, I would say that…so I have :-)


Quick thinking on her part; good for her.

But now I’m thinking how really, really good an Eggplant Parmesan pizza would be! YUM!!!


Anyone looked up steganography? It’s the practice of “concealing messages in plain sight,” not just having them there.


I didn’t get the story well, How can the Pizza hut employer get her message and typed in 911 on pizza. Can anyone clarify more?


It’s not made very clear in the story, but this was an online order, so presumably she typed the message on her phone. If her boyfriend glanced at the phone while she was doing that he would have seen that she was using the pizza website/app as he expected.


That’s how I read it. She couldn’t risk making a 911 call directly or being seen using the SMS app on her phone, but knowing there was effectively a “short message system” built into the Pizza Hut ordering app or web page, she was able to place a genuine order but get off the message in an innocent-looking way at the same time.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!