The Reimage Blog
Posted in Privacy and Security. Posted on October 10, 2019

Researchers discover a major flaw in PDF encryption standard

Posted By Deborah.Moore

Attacks can exfiltrate data from encrypted PDF files

The big picture: PDF encryption, as you can imagine, is commonly used in the world of business to protect trade secrets, confidential images, and even health records. Some even send e-mail messages as encrypted PDF attachments for increased security. These methods are generally considered secure as the password to decrypt them can be sent over a secondary channel, like a text message, via voice call or presumably, even by good ole snail mail.

Researchers from Ruhr-University Bochum and Munster University have discovered what they are calling “severe weaknesses” in the Portable Document Format (PDF) encryption standard that can reportedly lead to the ability to capture full plaintext in an active-attacker scenario.

In other words, the researchers found that it is possible to acquire the contents of an encrypted PDF without having the requisite encryption keys.

It’s all a bit technical if you aren’t up to speed on this sort of thing but according to the researchers, the problems – dubbed PDFex – can be summarized as such:

  • Even without knowing the corresponding password, the attacker possessing an encrypted PDF file can manipulate parts of it.
  • More precisely, the PDF specification allows the mixing of ciphertexts with plaintexts. In combination with further PDF features that allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file.
  • PDF encryption uses the Cipher Block Chaining (CBC) encryption mode with no integrity checks, which implies ciphertext malleability.
  • This allows us to create self-exfiltrating ciphertext parts using CBC malleability gadgets. We use this technique not only to modify existing plaintext but to construct entirely new encrypted objects.

This is just a basic breakdown of the issue. For a full rundown of the technical details of the attack, head over and check out this blog post.

In testing, the researchers identified two standard-compliant attacks that can break the confidentiality of encrypted PDF files. Of the 27 top PDF viewers tested, all were vulnerable to at least one of the attacks, including software like Foxit Reader, Adobe Acrobat, Chrome and Firefox.

The researchers conclude that these issues must be fixed in future PDF specifications and will be presenting their findings at next month’s ACM Conference on Computer and Communications Security.

Credits to TechSpot.
