A major Security risk posed by PDF Files- Details inside

0
1537
A major Security risk posed by PDF Files- Details inside
A major Security risk posed by PDF Files- Details inside

PDF files despite being coated with added encryption could be hacked very easily, team academics have found

The new attack, called PDFex, comes in two nuances and in testing, it was succeeded in being able to hack data from PDF files in 27 desktop and web PDF readers including Adobe Acrobat, Foxit Reader, Nitro and from Chrome and Firefox’s in-built PDF viewers.

pdf doesn’t in fact only target the encryption tried on PDF documents by outside software. Rather the attack relies on the encryption patterns instilled by the Portable Document Format (PDF) which means all PDFs are suspect irrespective of the software used to look at them.

See also: Cedar Rapids will buy Hawkeye Downs pledges funds to improve Business

-A famous PDF app could have downloaded malware on your Android phone

-How to revise PDF for free

-Businesses still aren’t securing their removable devices with encryption.

A major Security risk posed by PDF Files- Details inside
A major security risk posed by PDF Files- Details inside

pdf variations

In a blog post published by the researchers, it has been revealed that encrypted PDF documents are suspect to two attacks types that are known by the process used to carry out the attack and exfiltrate information

The first, called “direct exfiltration” relies on the fact that PDF software doesn’t encrypt the whole of a PDF file and in fact leaves a few parts as it is. By tampering with these unencrypted fields, an attacker can develop a false trap PDF file that will attempt to send the file’s content back to an attacker when decrypted and opened.

The second PDFex attack variation relies on the details of a PDF file that is encrypted. By using CBC gadgets, an attacker can edit the plaintext data contained in a PDF at its source.

See also  Black Mirror Season 6? Has Netflix Renewed The anthology? Here’s Every Detail Of It

This shows that an attacker can use a CBC gadget to edit the encrypted content to create another false trap to mislead PDF files that submit their own content to remote servers using PDF forms or URLs.

Also Read: Weidner Apartment Homes with Alaska invests in homeless solutions

All of the different methods of PDFex require than an attack be able to edit user’s encrypted PDF files. However, to do this they would have to hijack a victim’s network traffic or have physical access to their devices or storage.

LEAVE A REPLY

Please enter your comment!
Please enter your name here