InfoconDB

Presented at Black Hat Europe 2019, Dec. 5, 2019, 10:45 a.m. (50 minutes)

PDF is among the most widely used document formats worldwide. To ensure confidentiality, PDF supports document encryption. In this talk, we analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification to arbitrarily manipulate encrypted content. The only requirement is one single block of known plaintext, which we show is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels, based on standard compliant PDF properties.

We evaluated our attacks on 27 widely used PDF viewers and found all of them to be vulnerable. We responsibly disclosed the vulnerabilities and supported the vendors mitigating the issues.

Presenters:

Fabian Ising - M.Sc., Münster University of Applied Sciences
Fabian Ising is a first-year PhD student at Münster University of Applied Sciences and Ruhr University Bochum. His research focuses on analysis of applied cryptography. Apart from applied cryptography, he spends time on medical security and web security. He has experience as a penetration tester and code auditor. In his free time, he likes to solve CTF and hacking challenges.
Jens Müller - M.Sc., Ruhr University Bochum
Jens Müller is a PhD student at the Chair for Network and Data Security, Ruhr University Bochum. He has experience as a freelancer in network penetration testing and security auditing. In his spare time, he develops free open source software, for example tools related to network printer exploitation.

How to Break PDF Encryption

Presenters:

Links:

Similar Presentations: