What if the encrypted PDF wasn't that secure?
Usually when we have a document in PDF format, sometimes we want to encrypt it to keep it out of prying eyes.
However, it turns out that this is no longer the ideal solution.
This article will also interest you: The best encryption software in 2019
Cybersecurity experts, following research, have discovered that the standard PDF format makes it vulnerable to certain security vulnerabilities known as " PDFex." It could be that all format reader programs PDF are affected by this security breach.
We all know that the PDF format already integrates standard encryption schemes. This original feature is intended to to ensure that the file is confidential while having the ability to decrypt via it's a special drive, and also avoid certain decryption methods that would not be appropriate.
However, the native features for the standard PDF are not that robust. Their weakness has been demonstrated by 6 computer security specialists from some German universities, (Ruhr; Bochum; from Munster…). They simply saw that it was possible to activate a a set of computer attacks that can help decrypt an encrypted PDF. And according to the method used, it did not consist of reveal the password but simply take advantage of the security flaw to reveal the contents of the PDF.
The first time was that the encryption does not really affect all documents. As a result, any hacker had the option to modify the document by inserting other items such as an external link, a form or even a JavaScript code.
This is so when the main user opens the PDF file, he commits by this action the essential gesture to transmit the content of documents to the hacker.
It was found in the researchers' analysis that this kind of violation affects about 6 companies out of 10. The most terrible thing about this story is that all readers of PDF files we're starting to take in charge of the partially encrypted files.
The second security flaw is related to the CBC encryption mode for Cipher Block Chaining, a French translation that gives blocks. We realize that most PDF readers do not have this feature that allows to check the integrity of the files they are supposed to read. This means that hackers can attack the contents of the files directly in the encrypted part this time.
To achieve its exploits, hackers use certain tools called "CBC gadgets" that will allow them to add certain essential elements to carry out their hacking and thus access the file remotely. Tests on 7 readers divided between different types of external applications such as Acrobat Reader DC, foxit Reader and Nitro pro, or browser-integrated readers such as Firefox opera Mini Safari and Google Chrome. The conclusion is the same. All readers are vulnerable without exception.
Now access an unlimited number of passwords: