Researchers have developed a new method that allows attackers to extract the contents of a password-protected or encrypted PDF file under certain circumstances.

In a paper titled “Practical Decryption exFiltration: Breaking PDF Encryption”, German academics from Ruhr University Bochum and Münster University of Applied Sciences disclosed two different variants of the attack that left over 23 widely used PDF viewers, including Adobe Acrobat Reader, Evince, and the built-in PDF viewers of Chrome and Firefox, vulnerable.

Dubbed PDFex, the attack exploits security weaknesses in the standard encryption protection built into the Portable Document Format, better known as PDF.

The technique does not attempt to crack the password of an encrypted PDF document. Instead, it takes advantage of the partial encryption natively supported by the PDF specification to remotely exfiltrate content once a user opens the document.

“Even without knowing the corresponding password, the attacker possessing an encrypted PDF file can manipulate parts of it,” the researchers said. “More precisely, the PDF specification allows the mixing of ciphertexts with plaintexts. Together with further PDF features which allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file.”

In other words, an attacker can modify a password-protected PDF file in such a way that, when it is opened with the correct password, a copy of the decrypted content is automatically transmitted to a remote server controlled by the attacker via a PDF form, a URL, or JavaScript code.

More worryingly, the direct exfiltration achieved by tampering with the unencrypted plaintext data via PDF forms does not require any user interaction at all.

The second variant of the attack does something similar, but unlike the method above it uses only the encrypted parts of the PDF file. It abuses the Cipher Block Chaining (CBC) mode used to encrypt blocks of plaintext in order to turn a piece of ciphertext into a different ciphertext, a property known in cryptography as malleability.

CBC mode employs a chaining mechanism to encrypt data, which means that the encryption of each plaintext block depends on the immediately preceding ciphertext block. As a result, an attacker needs to know a “plaintext segment” in order to directly manipulate an encrypted object, the researchers noted.
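To make the malleability property concrete, here is an added Go example (not from the paper or from the viewers it discusses) with a constructed key, IV and two-block plaintext: XORing a known/wanted difference into one ciphertext block rewrites the next plaintext block without the key, at the cost of scrambling the preceding block, and the same kind of change is rejected outright when the data is protected by authenticated encryption (AES-GCM) instead of bare CBC.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
)

// Constructed demo key, IV and nonce (not from the paper); fixed so the run is reproducible.
var demoKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
var demoIV = []byte("fixed-iv-16bytes")                   // one AES block
var demoNonce = []byte("constructed!")                    // 12-byte GCM nonce

// CBC runs AES-CBC over block-aligned data with no integrity check, the situation
// the paper describes for PDF encryption. encrypt=false decrypts.
func CBC(key, iv, in []byte, encrypt bool) []byte {
	blk, _ := aes.NewCipher(key)
	var mode cipher.BlockMode = cipher.NewCBCDecrypter(blk, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(blk, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out
}

// MalleateCBC rewrites plaintext block i (i >= 1) without the key. Because
// P[i] = D(C[i]) XOR C[i-1], XORing (known XOR wanted) into C[i-1] turns the known
// plaintext segment into the wanted one; the price is that block i-1 decrypts to garbage.
func MalleateCBC(ct []byte, i int, known, wanted []byte) []byte {
	out := append([]byte(nil), ct...)
	prev := out[(i-1)*aes.BlockSize : i*aes.BlockSize]
	for j := range prev {
		prev[j] ^= known[j] ^ wanted[j]
	}
	return out
}

// GCMTamperRejected shows the mitigation: with authenticated encryption (AES-GCM here)
// a changed ciphertext fails to decrypt instead of yielding attacker-chosen plaintext.
func GCMTamperRejected(key, pt []byte) bool {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	ct := g.Seal(nil, demoNonce, pt, nil)
	ct[0] ^= 0x01 // same single-bit change that CBC accepts silently
	_, err := g.Open(nil, demoNonce, ct, nil)
	return err != nil
}
```

Decrypting the tampered CBC output yields a scrambled first block and a second block that reads exactly the wanted text, which is why integrity protection (a MAC or an AEAD mode) is the fix, not a stronger password.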
