In a recent research paper, written by Germany based researchers from Ruhr-University Bochum and Münster University of Applied Sciences, it was explained that there are two different ways that most of the hackers use for attacking PDF files. However, PDF files are not just limited to one or two types, in fact, there are 2 different types of widely used variation which includes famous PDF viewers like Evince, Firefox and Chrome built-in PDF viewers and the most famous of all Adobe Acrobat Reader. After a clear description of how hackers are hacking files and documentation, they are trying to raise awareness that these PDF viewers are vulnerable.
To explain the hacking process of the password, protect PDF files, these researchers explained that hackers are not cracking the password at all. Instead, they are taking advantage of partial encryption support that has been provided natively by the PDF specification for the remotely provided exfiltrate data, once the user opens up the file.
Most of the people still, think that to open a password-protected file, hackers must crack the password first, so they try to keep the password as strong as possible. Researchers explained that this is not true in this case, instead, hackers can even extract the file without knowing the password. Once the hackers have access to the encrypted PDF file, they can manipulate various parts of the file. To explain the manipulation without cracking code, researchers said that PDF files mainly allow the mixing of ciphertexts and plaintexts. With the help of more features in PDF that mainly allow the loading of the external resources through HTTP, hackers can simply exfiltration attacks when the receiver opens the document.
Photo: Lumina Images / Getty Images
Read next: US, UK, Australia Governments Urge Facebook to End Message Encryption
