New attack dubbed ‘PDFex’ can exfiltrate data from encrypted PDF files
- Dubbed ‘PDFex’, the attack comes in two technique variants - Data exfiltration and CBC Gadgets.
- The researchers tested the PDFex attack techniques against 27 widely used PDF viewers including Adobe Acrobat, Foxit Reader, Evince, Nitro, and Chrome and Firefox's built-in PDF viewers, and found all of them to be vulnerable.
What’s the matter?
Researchers have detailed a new attack that can exfiltrate data from encrypted Portable Document Format (PDF) files. Dubbed ‘PDFex’, the attack comes in two technique variants.
The researchers tested the PDFex attack techniques against 27 widely used PDF viewers including Adobe Acrobat, Foxit Reader, Evince, Nitro, and Chrome and Firefox's built-in PDF viewers, and found all of them to be vulnerable.
- An attacker can manipulate an encrypted PDF file, even without knowing the corresponding password.
- PDF encryption uses the Cipher Block Chaining (CBC) encryption mode with no integrity checks, this allows anyone to create self-exfiltrating ciphertext parts using CBC malleability gadgets.
- Most of the data formats allow us to encrypt only parts of the content. This encryption flexibility allows an attacker to include their own content, which can lead to exfiltration channels.
“More precisely, the PDF specification allows the mixing of ciphertexts with plaintexts. In combination with further PDF features which allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file,” researchers described in a blog.
Two attack techniques
The two variants of PDFex attack include Direct Exfiltration and CBC Gadgets.
In this technique, attackers use CBC gadgets to exfiltrate plaintext. PDF encryption generally defines no authenticated encryption, therefore, attackers can modify the plaintext data directly within an encrypted object, for example, by prefixing it with an URL.
“This attack has two necessary preconditions:
- Known plaintext: To manipulate an encrypted object using CBC gadgets, a known plaintext segment is necessary. For AESV3 – the most recent encryption algorithm – this plain- text is always given by the Perms entry. For older versions, known plaintext from the object to be exfiltrated is necessary.
- Exfiltration channel: One of the interactive features: PDF Forms or Hyperlinks,” researchers explained.