DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Archive

How the New PDFex Attack can Exfiltrate Data from Encrypted PDF Files

DigitalCIO Bureau by DigitalCIO Bureau
October 1, 2019
in Archive
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Dubbed as ‘PDFex’, this new cyber attack can exfiltrate data from encrypted PDF files. Read on to know more about it…

Researchers have detailed a new attack that can exfiltrate data from encrypted Portable Document Format (PDF) files. The new PDFex attack can exfiltrate data from encrypted PDF files.

The attack doesn’t target the encryption applied to a PDF document by external software, but the encryption schemes supported by the Portable Document Format (PDF) standard, itself. The PDF standard supports native encryption so that PDF apps can encrypt files that can be opened by any other app, and prevent user lock-in for one specific PDF software due to the use of shady encryption schemes.

Investigation
The researchers tested the PDFex attack techniques against 27 widely used PDF viewers including Adobe Acrobat, Foxit Reader, Evince, Nitro, and Chrome and Firefox’s built-in PDF viewers, and found all of them to be vulnerable. The researchers found that an attacker can manipulate an encrypted PDF file, even without knowing the corresponding password.

Variants
Dubbed ‘PDFex’, the attack comes in two technique variants. The two variants of PDFex attack include Direct Exfiltration and CBC Gadgets.

Data Exfiltration: This technique takes advantage of the fact that PDF apps don’t encrypt the entirety of a PDF file, leaving some parts unencrypted. Thus, an attacker can modify the unencrypted field, add unencrypted objects, or wrap encrypted parts into a context controlled by the attacker. This can be done via PDF forms, or hyperlinks, or Javascript codes.

CBC Gadgets: In this technique, attackers use CBC gadgets to exfiltrate plaintext. PDF encryption generally defines no authenticated encryption, therefore, attackers can modify the plaintext data directly within an encrypted object, for example, by prefixing it with an URL.

“This attack has two necessary preconditions:

• Known plaintext: To manipulate an encrypted object using CBC gadgets, a known plaintext segment is necessary. For AESV3 – the most recent encryption algorithm – this plain- text is always given by the Perms entry. For older versions, known plaintext from the object to be exfiltrated is necessary.

• Exfiltration channel: One of the interactive features: PDF Forms or Hyperlinks,” researchers explained.

Working Mechanism
To be noted, the PDFex attacks don’t allow an attacker to know or remove the password for an encrypted PDF; instead, enable attackers to remotely exfiltrate content once a legitimate user opens that document. In other words, PDFex allows attackers to modify a protected PDF document, without having the corresponding password, in a way that when opened by someone with the right password, the file will automatically send out a copy of the decrypted content to a remote attacker-controlled server on the Internet.

PDF encryption uses the Cipher Block Chaining (CBC) encryption mode with no integrity checks, this allows anyone to create self-exfiltrating ciphertext parts using CBC malleability gadgets. Most of the data formats allow us to encrypt only parts of the content. This encryption flexibility allows an attacker to include their own content, which can lead to exfiltration channels.

“More precisely, the PDF specification allows the mixing of ciphertexts with plaintexts. In combination with further PDF features which allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file,” researchers described in a blog.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Pax8 Introduces Era of Managed Intelligence

by DigitalCIO Bureau
June 19, 2025
0
Pax8 Introduces Era of Managed Intelligence

Pax8 has released its inaugural research report, The Agentic Inflection Point: And the Rise of the Managed Intelligence Provider. The comprehensive study defines the future of small-to-midsized business (SMB) operations, transformed...

Read moreDetails

Barracuda Unveils AI-Powered Cybersecurity Platform BarracudaONE in India

by DigitalCIO Bureau
June 3, 2025
0

Barracuda Networks has unveiled the BarracudaONE AI-powered cybersecurity platform. BarracudaONE maximizes threat protection and cyber resilience by unifying layered security defenses and providing deep, intelligent threat detection and response for...

Read moreDetails

Check Point Acquires Veriti To Minimize Digital Vulnerabilities

by DigitalCIO Bureau
May 28, 2025
0
Check Point Acquires Veriti To Minimize Digital Vulnerabilities

Check Point Software Technologies has announced a definitive agreement to acquire Veriti Cybersecurity, the first fully automated, multi-vendor pre-emptive threat exposure and mitigation platform. “The acquisition of Veriti...

Read moreDetails

Vats Srivatsan named Interim CEO of WatchGuard Technologies

by DigitalCIO Bureau
May 8, 2025
0
Vats Srivatsan named Interim CEO of WatchGuard Technologies

WatchGuard Technologies Chief Executive Officer (CEO) Prakash Panjwani will transition out of his operational role, continuing to serve on the Board of Directors and as a strategic advisor...

Read moreDetails

Google 2024 Ads Safety Report: AI plays key role in safer advertising ecosystem

by DigitalCIO Bureau
April 19, 2025
0
Google 2024 Ads Safety Report: AI plays key role in safer advertising ecosystem

Google has released its 2024 Ads Safety Report, demonstrating how it is using advanced AI technology to create a safe and responsible advertising ecosystem. A notable finding from...

Read moreDetails
Next Post

New Google Internet protocol under anti-trust probe: Report

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

Check Point Acquires SASE Security Firm Perimeter 81

UST Acquires ISG Automation

October 3, 2024

Infosys expands strategic partnership with Google Cloud

August 22, 2019
Fortinet Gets Recognized By Gartner

Fortinet Gets Recognized By Gartner

September 25, 2023

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Commvault CrowdStrike Cybersecurity Dell Technologies Digital Transformation Dynatrace E-books Fortinet Gartner GenAI Generative AI Google Cloud HCLTech Honeywell IBM Infographics Internet of Things (IoT) Kaspersky Microsoft Netskope NTT DATA Palo Alto Networks Panel Discussion Qlik Salesforce ServiceNow Sophos Tenable Veeam Veeam Software Vertiv Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?