Researchers have developed an attack that can allow threat actors to extract and steal data from encrypted PDF files.
The attack named PDFex, has two variants, both of which can allow PDF documents to be modified, thus allowing an attacker to extract and steal data.
Researchers tested PDFex against 27 desktop and web PDF viewers, including Foxit Reader, Adobe Acrobat, Chrome, Evince and Firefox’s built-in-PDF viewers.
The German researchers identified issues within the vast majority of PDF readers, whereby both encrypted and unencrypted context coexist within the PDF standard. Therefore a threat actor could change an encrypted document and add unencrypted malicious ‘elements’.
The researchers wrote: “Encrypted PDF files do not have integrity protection. Thus, an attacker can modify the structure of encrypted PDF documents, add unencrypted objects, or wrap encrypted parts into a context controlled the attacker.”
“In the given example, the attacker abuses the flexibility of the PDF encryption standard to define certain objects as unencrypted. The attacker modifies the Encrypt dictionary (6 0 obj) in a way that the document is partially encrypted – all streams are left AES256 encrypted while strings are defined as unencrypted by setting the Identity filter. Thus, the attacker can freely modify strings in the document and add additional objects containing unencrypted strings.”
The attack can be conducted without any user interaction or knowledge.
The second attack variant, uses the Cipher Block Chaining (CBC) gadget to go after the encrypted pieces of a PDF file.
“CBC gadgets means that the ciphertext is modified to exfiltrate itself after decryption,” said Sebastian Schinzel, one of the researchers, on Twitter.
By using a CBC gadget, an attack could modify the encrypted content in order to create PDF files that submit their own content to remote servers.
“Our evaluation shows that among 27 widely-used PDF viewers, all of them are vulnerable to at least one of those attacks.”
“These alarming results naturally raise the question of the root causes for practical decryption exfiltration attacks. We identified two of them.
“First, many data formats allow to encrypt only parts of the content (e.g., XML, S/MIME, PDF). This encryption flexibility is difficult to handle and allows an attacker to include their own content, which can lead to exfiltration channels.
“Second, when it comes to encryption, AES-CBC – or encryption without integrity protection in general – is still widely supported. Even the latest PDF 2.0 specification released in 2017 still relies on it,” the researchers added. “This must be fixed in future PDF specifications.”
These attacks all rely on an attacker being able to access the victim’s network traffic, or having actual physical access to a storage system.
The six researchers will be presenting their findings at the ACM Conference on COmputer and Communications Security in November.