Researchers Crack PDF Encryption


Two variants of ‘PDFex’ attack could allow PDF documents to be modified so that their contents are automatically exfiltrated to an attacker

Researchers have found ways around the standard encryption built into the PDF format, which could allow attackers to extract data from supposedly secure documents.

The issues, which affect the vast majority of PDF readers, are found in the standard itself, making them more difficult to remedy, the researchers said.

The team of six academics from Ruhr-University Bochum and Münster University in Germany said the issues arise because the PDF standard allows encrypted and unencrypted content to coexist within the same document, and because of limitations in an encryption method supported by the standard.

Because the standard allows PDFs to contain both encrypted and unencrypted content, an attacker could modify an encrypted document to add unencrypted malicious elements.

Encryption weakness

Those elements could be designed to transmit the contents of the PDF to the attacker via the internet once the document is decrypted by an authorised user, the researchers said.

“Encrypted PDF files do not have integrity protection,” they wrote in a technical document. “Thus, an attacker can modify the structure of encrypted PDF documents, add unencrypted objects, or wrap encrypted parts into a context controlled by the attacker.”

For instance, the attacker could define a PDF Action that automatically submits a form containing the encrypted content once the document is decrypted.

This attack could be executed without the user’s interaction or knowledge.

A second variant on the attack makes use of the fact that PDF standard encryption uses the Cipher Block Chaining (CBC) encryption mode with no integrity checks, allowing the ciphertext to be modified using CBC malleability gadgets.

The ciphertext is modified so that, as in the first variant, it automatically exfiltrates itself when the document is decrypted.
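The effect of CBC without an integrity check, and what a check changes, can be shown in a few lines. This is an added example, not code from the researchers' paper: it uses a stand-in 4-round Feistel cipher built from the standard library in place of AES (the CBC property is independent of the block cipher), and the keys, messages and function names are constructed for illustration.

```python
import hashlib, hmac

BLOCK = 16  # bytes per block, as in AES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in cipher (assumption: not AES, stdlib only).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):  # 4-round Feistel network
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):  # pt must be block aligned (no padding here)
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def tag(mac_key, iv, ct):
    # Encrypt-then-MAC: authenticate the IV and every ciphertext block.
    return hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def decrypt_checked(key, mac_key, iv, ct, t):
    if not hmac.compare_digest(t, tag(mac_key, iv, ct)):
        raise ValueError("integrity check failed: ciphertext or IV was modified")
    return cbc_decrypt(key, iv, ct)

def rewrite_first_block(iv, known, wanted):
    # P1 = D(C1) XOR IV, so IV XOR known XOR wanted makes block 1 decrypt to `wanted`.
    return _xor(iv, _xor(known, wanted))
```

Plain `cbc_decrypt` accepts the altered IV and returns the rewritten first block with no error, while `decrypt_checked` rejects the same input before any decryption takes place.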

PDFex

While the first variant, called direct exfiltration, was found to work on 23 out of 27 tested PDF viewers, all of the viewers were vulnerable to the CBC gadget attack.

The researchers said they have contacted the relevant PDF viewer makers, which are releasing updates that fix the issues.

The researchers said future versions of the PDF standard must address the fact that encryption without integrity protection is still allowed.

The six researchers are to present their findings on the PDF exfiltration attacks, which they called PDFex for short, at the ACM Conference on Computer and Communications Security in November.

Some of the same researchers publicised vulnerabilities in PDF signatures in February, and in May 2018 the group outlined an attack they called “eFail” that affects PGP-encrypted emails.