People think that encrypting PDF files before sending them through email or storing them on their local device keeps the content safe from unauthorized users. However, researchers recently discovered a new vulnerability in PDF data encryption that attackers could exploit to extract the contents of an encrypted PDF file. The vulnerability, dubbed PDFex, was discovered and documented by researchers from two universities in Germany: Munster University of Applied Science and Ruhr University Bochum. According to the research, the attacks come in two variants: Direct Exfiltration and CBC gadgets.

Direct Exfiltration – What does this mean?

The PDF specification comes with native encryption (asymmetric data encryption): the file is encrypted with a password that is transmitted to the receiver via public key encryption. Researchers recently unveiled a vulnerability in this type of data encryption. For flexibility, PDF applications do not encrypt the entire PDF file; some parts are left unencrypted, without any integrity check or authentication. This allows an attacker to modify and tamper with the unencrypted fields so that, when the receiver opens the encrypted file, it sends the content of the file back to the attacker. The PDFex attack can be carried out using hyperlinks, JavaScript code or PDF forms.

CBC Gadgets – What is this about?

The researchers used a second, more advanced technique to exfiltrate plaintext because some PDF editors do not support unencrypted fields within PDFs, which makes it impossible to launch the attack via unencrypted fields. However, because the encryption lacks integrity protection, attackers can exfiltrate the plaintext from the ciphertext using a technique known as CBC (Cipher Block Chaining) gadgets, or malleability gadgets. The researchers tested both attacks against 27 widely used PDF editors, including Okular, Nitro, Chrome, Firefox, Foxit Reader, and Evince. Remarkably, all were found to be vulnerable. As a result, more work needs to be done on integrity protection for CBC/AES encryption.
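The missing integrity protection that CBC gadgets rely on can be shown in a few lines. The example below is added here and is not the researchers' code or any PDF tool's: it uses a constructed toy Feistel block cipher in place of AES so it runs with only the standard library, shows that flipping one bit of an unauthenticated CBC ciphertext changes the next plaintext block predictably without any error, and shows an encrypt-then-MAC check rejecting the same modification.

```python
import hashlib, hmac, os

BLOCK = 16  # 128-bit blocks, as in the AES-CBC used by encrypted PDFs

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key, i, half):
    # Keyed round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]
def block_encrypt(key, block):
    # Toy 4-round Feistel cipher standing in for AES (constructed for this demo, not AES).
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r
def block_decrypt(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r
def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)
def cbc_decrypt(key, iv, ct):
    # Unauthenticated CBC: any ciphertext decrypts to *something*; nothing signals tampering.
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(xor(block_decrypt(key, c), p) for p, c in zip([iv] + blocks, blocks))
def authenticated_decrypt(key, mac_key, iv, ct, tag):
    # Encrypt-then-MAC: the integrity check that plain CBC/AES lacks.
    if not hmac.compare_digest(hmac.new(mac_key, iv + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: ciphertext was modified")
    return cbc_decrypt(key, iv, ct)
def tamper_demo():
    key, mac_key, iv = os.urandom(16), os.urandom(16), os.urandom(16)
    pt = b"constructed sample block 0 ..... constructed sample block 1 ....."[:32]
    ct = cbc_encrypt(key, iv, pt)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    bad = bytes([ct[0] ^ 0x20]) + ct[1:]  # flip one bit in ciphertext block 0
    out = cbc_decrypt(key, iv, bad)       # accepted silently by plain CBC
    try:
        authenticated_decrypt(key, mac_key, iv, bad, tag)
        rejected = False
    except ValueError:
        rejected = True
    return {"block1_bit_flipped": out[16:] == xor(pt[16:], b"\x20" + b"\x00" * 15),
            "block0_garbled": out[:16] != pt[:16], "mac_rejected": rejected}
```

The same bit flip that plain CBC decryption passes through as a predictable change to the following plaintext block is rejected outright once the ciphertext carries an authentication tag.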