The Reimage Blog
Posted in Privacy and Security on October 10, 2019

Researchers discover a major flaw in PDF encryption standard

Posted By Deborah.Moore

Attacks can exfiltrate data from encrypted PDF files

The big picture: PDF encryption, as you can imagine, is commonly used in the world of business to protect trade secrets, confidential images, and even health records. Some even send e-mail messages as encrypted PDF attachments for increased security. These methods are generally considered secure, as the password to decrypt them can be sent over a secondary channel, like a text message, a voice call or, presumably, even good ole snail mail.

Researchers from Ruhr-University Bochum and Münster University have discovered what they are calling “severe weaknesses” in the Portable Document Format (PDF) encryption standard that can reportedly lead to the ability to capture full plaintext in an active-attacker scenario.

In other words, the researchers found that it is possible to acquire the contents of an encrypted PDF without having the requisite encryption keys.

It’s all a bit technical if you aren’t up to speed on this sort of thing but according to the researchers, the problems – dubbed PDFex – can be summarized as such:

  • Even without knowing the corresponding password, the attacker possessing an encrypted PDF file can manipulate parts of it.
  • More precisely, the PDF specification allows the mixing of ciphertexts with plaintexts. In combination with further PDF features that allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file.
  • PDF encryption uses the Cipher Block Chaining (CBC) encryption mode with no integrity checks, which implies ciphertext malleability.
  • This allows us to create self-exfiltrating ciphertext parts using CBC malleability gadgets. We use this technique not only to modify existing plaintext but to construct entirely new encrypted objects.

This is just a basic breakdown of the issue. For a full rundown of the technical details of the attack, head over and check out this blog post.
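A triage heuristic for the condition summarized above (readable plaintext mixed into an encrypted PDF, next to features that can reference an external target), as an added example that is not from the researchers or the original article. The function name, the regexes and the sample fragments are constructed for illustration; the action names are taken from the PDF specification, not from this page.

```python
import re

# Action types from the PDF specification that can reference an external target (assumed list).
NETWORK_ACTIONS = (b"/URI", b"/SubmitForm", b"/GoToR")
STREAM_RE = re.compile(rb"stream\r?\n.*?endstream", re.DOTALL)
LITERAL_RE = re.compile(rb"\(((?:\\.|[^\\()])*)\)", re.DOTALL)  # (...) strings, no nested parens
HEX_RE = re.compile(rb"<([0-9A-Fa-f\s]*)>")                     # <...> hex strings
URL_RE = re.compile(rb"(?:https?|ftp|file)://", re.IGNORECASE)


def triage_encrypted_pdf(data: bytes) -> dict:
    """Flag an encrypted PDF that still carries human-readable URL strings (heuristic)."""
    encrypted = re.search(rb"/Encrypt\b", data) is not None
    # Stream bodies are ciphertext or compressed data, so only the object structure is scanned.
    body = STREAM_RE.sub(b"", data)
    strings = [m.group(1) for m in LITERAL_RE.finditer(body)]
    for m in HEX_RE.finditer(body):
        digits = re.sub(rb"\s", b"", m.group(1))
        # An odd number of hex digits is padded with a trailing 0 before decoding.
        strings.append(bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode()))
    urls = [s.decode("latin-1") for s in strings if URL_RE.search(s)]
    return {
        "encrypted": encrypted,
        "network_actions": sorted(a.decode() for a in NETWORK_ACTIONS if a in body),
        "plaintext_urls": urls,
        # Document strings in an encrypted file are normally ciphertext, so a readable URL stands out.
        "suspicious": encrypted and bool(urls),
    }


# Constructed fragments (not complete PDFs): the same link annotation with its URI string
# as ciphertext, and with a readable placeholder URL mixed in.
CLEAN = (b"4 0 obj\n<< /Type /Annot /A << /S /URI /URI <9f3a6c01d2e47b58a1c0ffee12345678> >> >>\n"
         b"endobj\ntrailer\n<< /Root 1 0 R /Encrypt 9 0 R >>\n")
MIXED = CLEAN.replace(b"<9f3a6c01d2e47b58a1c0ffee12345678>", b"(http://example.invalid/doc)")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("mixed", MIXED)):
        print(name, triage_encrypted_pdf(sample))
```

A hit is a reason to inspect the file by hand, not proof of tampering, and objects packed inside object streams are not covered by this scan.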

In testing, the researchers identified two standard-compliant attacks that can break the confidentiality of encrypted PDF files. When testing 27 of the top PDF viewers, all were vulnerable to at least one of the attacks, including software like Foxit Reader, Adobe Acrobat, Chrome and Firefox.

The researchers conclude that these issues must be fixed in future PDF specifications and will be presenting their findings at next month’s ACM Conference on Computer and Communications Security.

Credits to TechSpot.
