Researchers find flaws in PDF encryption

A team of German academics have this week alerted the world to new research that they claim demonstrates “severe weaknesses” in PDF encryption.

They have identified two methods that can break the confidentiality of encrypted PDF files, dubbed ‘PDFex’ (PDF exfiltration).

After testing 27 of the top PDF viewers using PDF version 1.4, the researchers found all were vulnerable to at least one of the attacks including Adobe Acrobat, Nuance Power PDF, Microsoft Edge and Internet Explorer, Chrome and Firefox.

The vulnerability they found allows an attacker to extract content from encrypted PDFs without knowing the encryption keys or the corresponding password.

PDF encryption is widely used in corporate, legal and health records management. It is embedded in scanner products from companies such as Canon and Samsung.

IBM offers "PDF encryption services for PDF documents and other data (e.g., confidential images) by wrapping them into PDF."

The researchers have shared more information about their findings on a dedicated website.


Business Solution: