Ad Banner

Researchers discover ‘severe weaknesses’ in PDF encryption standard

Researchers from Ruhr-University Bochum and Munster University found what they referred to as “severe weaknesses” in the Portable Document Format (PDF) encryption standard.

According to a blog post published by the researchers, the said flaw could reportedly lead to full plaintext exfiltration in an active-attacker scenario, meaning attackers can acquire the contents of an encrypted PDF without having the requisite encryption keys.

According to the researchers, the problems known as PDFex can be summarized as follows:

1. Even without knowing the corresponding password, the attacker possessing an encrypted PDF file can manipulate parts of it.

More precisely, the PDF specification allows the mixing of ciphertexts with plaintexts. In combination with further PDF features which allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file.

2. PDF encryption uses the Cipher Block Chaining (CBC) encryption mode with no integrity checks, which implies ciphertext malleability.

This allows us to create self-exfiltrating ciphertext parts using CBC malleability gadgets. We use this technique not only to modify existing plaintext but to construct entirely new encrypted objects.

During researchers’ security analysis, they were able to identify two standard compliant attack classes which break the confidentiality of encrypted PDF files. Based on their evaluation, all of the 27 widely-used PDF viewers including Adobe Acrobat, Foxit Reader, Evince, Okular, Chrome, and Firefox are vulnerable to at least one of such attacks.

The researchers then mentioned possible root causes of the problem, mentioning how many data formats allow to encrypt only parts of the content as well as the encryption without integrity protection in general which is still widely supported.

(Photo source: )