New Study Reveals Hackers Can Now Extract Content Even from the Protected Documents

PDF files are known to be a standard form of official documentation because of security reasons, but if someone wants to ensure the safety of their file, they can also use a password-protected PDF file. Protecting the documents via password is a widely used practice, however, new research has explained that no matter how much you feel safe while protecting your document with the help of a password, hackers can extract the documents even if the PDF file has been protected by a password.

In a recent research paper, written by Germany based researchers from Ruhr-University Bochum and M√ľnster University of Applied Sciences, it was explained that there are two different ways that most of the hackers use for attacking PDF files. However, PDF files are not just limited to one or two types, in fact, there are 2 different types of widely used variation which includes famous PDF viewers like Evince, Firefox and Chrome built-in PDF viewers and the most famous of all Adobe Acrobat Reader. After a clear description of how hackers are hacking files and documentation, they are trying to raise awareness that these PDF viewers are vulnerable.

To explain the hacking process of the password, protect PDF files, these researchers explained that hackers are not cracking the password at all. Instead, they are taking advantage of partial encryption support that has been provided natively by the PDF specification for the remotely provided exfiltrate data, once the user opens up the file.


Most of the people still, think that to open a password-protected file, hackers must crack the password first, so they try to keep the password as strong as possible. Researchers explained that this is not true in this case, instead, hackers can even extract the file without knowing the password. Once the hackers have access to the encrypted PDF file, they can manipulate various parts of the file. To explain the manipulation without cracking code, researchers said that PDF files mainly allow the mixing of ciphertexts and plaintexts. With the help of more features in PDF that mainly allow the loading of the external resources through HTTP, hackers can simply exfiltration attacks when the receiver opens the document.


Photo: Lumina Images / Getty Images

Read next: US, UK, Australia Governments Urge Facebook to End Message Encryption

No comments:

Post a Comment