PDFex was tested against 27 desktop and web PDF viewers, such as Adobe Acrobat, Foxit Reader, Evince, Nitro, and the built-in PDF viewers of Chrome and Firefox. All of the tested PDF viewers were found vulnerable.
It is important to note that the attack is targeting the encryption supported by the Portable Document Format (PDF) standard, not external applications.
The PDF Encryption Explained
To guarantee confidentiality, PDF files can be encrypted, the researchers explained. The encryption should ensure the secure transfer and storing of sensitive documents without the need of additional protection mechanisms.
The key management between the sender and recipient may be password based (the recipient must know the password used by the sender, or it must be transferred to them through a secure channel) or public key based (i.e., the sender knows the X.509 certificate of the recipient).
In their research, the academical team analyzed the security of encrypted PDF files and revealed how attackers can exfiltrate the content without the corresponding keys.
The PDFex Vulnerabilities Explained
There are two variants of the PDFex attack, the first of which is known as “direct exfiltration”. The explanation for it is the following:
Even without knowing the corresponding password, the attacker possessing an encrypted PDF file can manipulate parts of it. More precisely, the PDF specification allows the mixing of ciphertexts with plaintexts. In combination with further PDF features which allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file.
The second type of attack targets the encrypted parts of the PDF file by utilizing something known as CBC (Cipher Block Chaining). The CBC encryption mode is employed by the PDF encryption without integrity checks, thus creating ciphertext malleability. The researchers were able to create self-exfiltrating ciphertext parts via the CBC malleability gadgets. This technique was used “not only to modify existing plaintext but to construct entirely new encrypted objects”.
In conclusion, the researchers identified two root cases for these attacks:
First, many data formats allow to encrypt only parts of the content (e.g., XML, S/MIME, PDF). This encryption flexibility is difficult to handle and allows an attacker to include their own content, which can lead to exfiltration channels. Second, when it comes to encryption, AES-CBC – or encryption without integrity protection in general – is still widely supported. Even the latest PDF 2.0 specification released in 2017 still relies on it,” the research team added.
This issue must be fixed in future PDF specifications, the team concluded. You can read the research titled “Practical Decryption exFiltration: Breaking PDF Encryption” to get a detailed idea of the PDFex attacks.