Researchers from Ruhr University Bochum and Münster University of Applied Sciences have devised new attacks allowing them (and potential attackers) to recover the plaintext content of encrypted PDF documents.
The attacks work against 27 widely-used desktop and browser-integrated PDF viewers.
The PDFex attacks (as the researchers collectively dubbed them) can either result in direct exfiltration or exfiltration via CBC gadgets.
Direct exfiltration attacks abuse the fact that some PDF readers don’t encrypt the entire contents of a PDF document.
“The PDF specification allows the mixing of ciphertexts with plaintexts. In combination with further PDF features which allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file. As soon as the file is opened and decrypted by the victim, sensitive content is sent to the attacker,” the researchers explained.
“Not all PDF viewers support partially encrypted documents, which makes them immune to direct exfiltration attacks. However, because PDF encryption generally defines no authenticated encryption, attackers may use CBC gadgets to exfiltrate plaintext,” the researchers also found.
All gadget-based attacks modify existing encrypted content or create new content from CBC gadgets. The exfiltration is executed via PDF forms, hyperlinks, or half-open object streams.
The root causes of these security issues are difficult-to-handle encryption flexibility, the existing support of AES-CBC mode and encryption without integrity protection in general, they concluded.
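The "no integrity protection" root cause above is worth seeing concretely. The following Go program is an added example, not code from the researchers or from any PDF viewer: it uses the standard library's AES-CBC to show that a ciphertext modified in transit still decrypts without any error (the property CBC gadgets depend on), and then shows that the same modification is rejected once the ciphertext carries an HMAC-SHA256 tag checked before decryption (encrypt-then-MAC). The key, MAC key, fixed IV and message are constructed demo values; nothing here parses or produces PDF structures.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

const blockSize = aes.BlockSize // 16 bytes

// pad appends PKCS#7 padding so the length is a multiple of the block size.
func pad(b []byte) []byte {
	n := blockSize - len(b)%blockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// unpad strips PKCS#7 padding and reports malformed padding.
func unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || n > len(b) {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// cbcEncrypt returns iv || AES-CBC(key, iv, pad(plaintext)) with no authentication,
// which is the shape of PDF's AES-CBC encryption described in the article.
func cbcEncrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := pad(plaintext)
	out := make([]byte, blockSize+len(pt))
	copy(out, iv)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[blockSize:], pt)
	return out, nil
}

// cbcDecrypt decrypts iv || ciphertext. It has no way to notice modifications.
func cbcDecrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data) < 2*blockSize || len(data)%blockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	iv, ct := data[:blockSize], data[blockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return unpad(pt)
}

// xorInto returns a copy of data with delta XORed in at offset. In CBC, XORing
// delta into the IV (or into ciphertext block i-1) changes plaintext block 0
// (or block i) by exactly delta; this malleability is what CBC gadgets rely on.
func xorInto(data []byte, offset int, delta []byte) []byte {
	out := append([]byte{}, data...)
	for i, d := range delta {
		out[offset+i] ^= d
	}
	return out
}

// sealWithMAC is encrypt-then-MAC: tag = HMAC-SHA256(macKey, iv || ct), appended.
func sealWithMAC(encKey, macKey, iv, plaintext []byte) ([]byte, error) {
	ct, err := cbcEncrypt(encKey, iv, plaintext)
	if err != nil {
		return nil, err
	}
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(ct), nil
}

// openWithMAC verifies the tag in constant time before decrypting anything.
func openWithMAC(encKey, macKey, data []byte) ([]byte, error) {
	if len(data) < sha256.Size {
		return nil, errors.New("too short")
	}
	ct, tag := data[:len(data)-sha256.Size], data[len(data)-sha256.Size:]
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	if !hmac.Equal(tag, m.Sum(nil)) {
		return nil, errors.New("integrity check failed: ciphertext was modified")
	}
	return cbcDecrypt(encKey, ct)
}

func main() {
	// Constructed demo values; a real system uses a fresh random IV per message.
	key := []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	macKey := []byte("an-independent-mac-key-for-demo!")
	iv := []byte("fixed-iv-demo-16")
	msg := []byte("The quick brown fox jumps over the lazy dog")

	ct, _ := cbcEncrypt(key, iv, msg)
	// Flip the 0x20 (ASCII case) bit of IV bytes 4..8: plaintext bytes 4..8 ("quick") change case.
	delta := bytes.Repeat([]byte{0x20}, 5)
	pt, err := cbcDecrypt(key, xorInto(ct, 4, delta))
	fmt.Printf("unauthenticated CBC: %q err=%v\n", pt, err) // "The QUICK brown fox ..." with no error

	sealed, _ := sealWithMAC(key, macKey, iv, msg)
	_, err = openWithMAC(key, macKey, xorInto(sealed, 4, delta))
	fmt.Println("encrypt-then-MAC:", err) // integrity check failed
}
```

The first decrypt returns a plausible, silently altered message, which is exactly why a viewer decrypting a PDF without integrity checks has to treat the result as attacker-influenced data rather than trusted content. The second path makes the modification a hard error before any plaintext is produced; an AEAD mode such as AES-GCM gives the same guarantee in one primitive.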
What to do?
Luckily for all of us, the researchers have responsibly disclosed the flaws to the vendors, provided proof-of-concept exploits, and helped them mitigate the issues.
Since the disclosure happened in May, all of the vulnerable PDF viewers have likely been updated with fixes by now. And even if they haven’t, regularly updating your software is a good idea – so get to it!