Researchers Find New Hack to Read Content Of Password Protected PDF Files


exfiltrating data from encrypted PDF

Looking for ways to unlock and read the content of an encrypted PDF without knowing the password?

Well, that’s now possible, sort of—thanks to a novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but under some specific circumstances.

Dubbed PDFex, the new set of techniques includes two classes of attacks that take advantage of security weaknesses in the standard encryption protection built into the Portable Document Format, better known as PDF.

To be noted, the PDFex attacks don’t allow an attacker to know or remove the password for an encrypted PDF; instead, enable attackers to remotely exfiltrate content once a legitimate user opens that document.

In other words, PDFex allows attackers to modify a protected PDF document, without having the corresponding password, in a way that when opened by someone with the right password, the file will automatically send out a copy of the decrypted content to a remote attacker-controlled server on the Internet.

The researchers tested their PDFex attacks against 27 widely-used PDF viewers, both for desktop and browser-based, and found all of them vulnerable…

http://feedproxy.google.com/~r/TheHackersNews/~3/xia-EM3bsxc/pdf-password-encryption-hacking.html



Source link

Leave a Comment

Your email address will not be published. Required fields are marked *

Social media & sharing icons powered by UltimatelySocial
error

Enjoy this blog? Please spread the word :)