PDF document encryption is widely used in the commercial world, often to protect trade secrets, confidential images, and health records. For added security, some companies even send emails as encrypted PDF attachments.
PDF encryption is generally considered safe, but researchers from Ruhr University Bochum and Münster University have recently discovered a serious vulnerability in the Portable Document Format (PDF) encryption standard that allows attackers to obtain the plaintext of encrypted documents. In other words, the researchers found that the contents of an encrypted PDF can be obtained without the necessary encryption key.
The researchers refer to these vulnerabilities as “PDFex,” which can be summarized as follows:
- Even without knowing the corresponding password, the attacker possessing an encrypted PDF file can manipulate parts of it.
More precisely, the PDF specification allows the mixing of ciphertexts with plaintexts. In combination with further PDF features which allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file.
- PDF encryption uses the Cipher Block Chaining (CBC) encryption mode with no integrity checks, which implies ciphertext malleability.
This allows us to create self-exfiltrating ciphertext parts using CBC malleability gadgets. We use this technique not only to modify existing plaintext but to construct entirely new encrypted objects.
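
The second point, as an added example (not code from the researchers or from any PDF library): CBC decryption without an integrity check accepts an edited first block, while an encrypt-then-MAC wrapper rejects the same edit. A toy Feistel block cipher stands in for AES, and the keys, sample text and function names are constructed for this illustration.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes, as in AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, block, rounds):
    # Toy 4-round Feistel cipher standing in for AES (assumption of this example)
    l, r = block[:8], block[8:]
    for i in rounds:
        l, r = r, xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return r + l  # final swap, so the reversed round order inverts it

def cbc_encrypt(key, iv, pt):  # no padding: len(pt) must be a multiple of BLOCK
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = feistel(key, xor(pt[i:i + BLOCK], prev), range(4))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(xor(feistel(key, c, reversed(range(4))), p)
                    for p, c in zip(blocks, blocks[1:]))

def seal(enc_key, mac_key, pt):  # encrypt-then-MAC over IV || ciphertext
    iv = os.urandom(BLOCK)
    ct = cbc_encrypt(enc_key, iv, pt)
    return iv, ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, iv, ct, tag):
    good = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("integrity check failed")  # reject before decrypting
    return cbc_decrypt(enc_key, iv, ct)

def demo():
    enc_key, mac_key = os.urandom(16), os.urandom(16)
    pt = b"Status: DRAFT   Salary: 12345 EU"  # constructed sample, two blocks
    iv, ct, tag = seal(enc_key, mac_key, pt)
    # Edit made without any key: XOR the stored IV with (known block XOR new block)
    bad_iv = xor(iv, xor(pt[:BLOCK], b"Status: FINAL   "))
    unauthenticated = cbc_decrypt(enc_key, bad_iv, ct)  # decrypts without error
    try:
        open_sealed(enc_key, mac_key, bad_iv, ct, tag)
    except ValueError:
        return unauthenticated, True   # the MAC caught the edit
    return unauthenticated, False
```

`demo()` returns the plaintext that plain CBC produced from the edited input, together with a flag showing whether the MAC check rejected it. The second block is untouched by the edit, which is why a reader of the decrypted output sees nothing wrong.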
In their tests, the researchers identified two standards-compliant attacks that could compromise the confidentiality of encrypted PDF files. Of the 27 top PDF viewers tested, every one was vulnerable to at least one type of attack, including Foxit Reader, Adobe Acrobat, Chrome and Firefox.
The researchers concluded that these issues must be addressed in future PDF specifications. Their findings will be published at the ACM Conference on Computer and Communications Security next month.