How secure is Adobe PDF encryption?

Why Adobe Encrypted PDF files are not secure & superior protection alternatives.

For a long time, encryption has been a staple in the security landscape, but it has always been clear that not all encryption is equal.  This blog post will explore the various issues with Adobe Encrypted PDF files and what you can do about them.

  Adobe PDF exfiltration attacks

When you password protect a PDF file using Adobe, it is encrypted with 256-bit AES encryption in Cipher Block Chaining Encryption (CBC) mode.  Cryptographically, this is fine, but it’s worth remembering that encrypting a PDF only encrypts the contents of the file.  Other information about the PDF, such as the size of its pages, the number of objects, links, etc. are not, which gives attackers a route to circumvent the encryption.  CBC also has a known drawback – it does not have integrity control.

Direct exfiltration attack

Researchers across several German universities found that it is possible to exploit this by adding content to an encrypted PDF document.  As there are no integrity checks, the user would not be alerted to these changes, which could include a submit form function/JavaScript that sends the contents of the PDF to the attacker once it is opened.

Malleability attack

Alternatively, an attacker can exploit the lack of integrity control to change the contents of a cipher block, provided they know part of the plain-text information that was encrypted.  Unfortunately, because Adobe both encrypts editing permissions with the file and stores them in the file in an unencrypted plaintext form, attackers always know what some bytes of the file are.  They can use this information to manipulate encrypted data to send the contents of a file to a third-party site, etc.

Of course, there are many other malicious things you could do with this power, but we’ll leave that to your imagination.

Results

Okay, so PDF encryption is exploitable, but what is the impact in the real world?  Is this limited to a few third-party PDF viewers that nobody has heard of?  Unfortunately, not.  Every mainstream PDF reader out there can have data exfiltrated with one or both of the methods above.  Here are the research’s results:

Source: Müller et al.

As you can see, many PDF readers are vulnerable to direct exfiltration without user input, including Adobe’s flagship Acrobat Reader DC.  Every PDF reader is vulnerable to malleability attacks in one form or another, however, making Adobe Encrypted PDF files not very secure at all.

If you rely on encryption to protect your PDF’s contents when it’s in transit or at rest, it’s time to think again.

  Password sharing and removal

Perhaps of even bigger concern is how easy it is for somebody who is authorized to open your PDF to give access to somebody else.  Adobe Acrobat files are decrypted when the user provides the correct password.  No further checks are performed to determine whether the user should have the password – where they are opening it from, whether it is from a recognized device/network, etc.  As a result, anybody who has the password can pass it along with the PDF file to anybody they like (intentionally or via social engineering/phishing).  Most PDF readers have no tracking, so you won’t even know that it has happened.

Alternatively, an authorized user can just remove the PDF password from the file. Anybody that has the open password can remove it using the security panel in Adobe Acrobat or any number of free PDF password remover tools.  They can then share the file as if it were never protected in the first place.

   Password cracking

All passwords are vulnerable to cracking, and it’s no different when they are used in combination with PDF encryption.  The important thing to realize is that password cracking is a matter of when and not if depending entirely on password strength.  With a complex enough password, you can make that millions of years on current computers with brute force attacks.  Use a weak password, however, and that time can be in the milliseconds due to quick dictionary attacks.

If you just use a password that’s, say, 11 random characters with numbers, upper and lowercase letters, and symbols this problem is solved, right?  Well, unfortunately, it’s not as easy as that.  You also need to worry about:

1. Password management:  Different PDFs need different passwords, otherwise you have a single point of failure. When you consider the hundreds of documents businesses process each day and the need for secure storage and fallbacks, this quickly becomes cumbersome and expensive.
2. Poor password hygiene:  The more complex a password is, the harder time users have remembering it and therefore the more likely they are to note it down insecurely.  It’s not uncommon to see post-it notes with passwords scattered around desks, PDFs shared with the password in an email, or a plaintext file with a password list on a user’s desktop.  If you do put a “forgot password” system in place, that means more strain on your IT department and the potential for that system to be exploited, too.
3. Phishing and social engineering:  Brute-forcing isn’t the only way to get a password.  Users can be tricked into giving even the most secure password via social engineering or phishing attacks.  It’s better if the user has no password they can share so that the attacker has nothing to steal.

What about the PDF permissions password?

Though it’s not made explicitly clear, the Adobe PDF permissions password does not utilize encryption.  Rather, it’s a set of controls that informs the PDF viewing application which options it should grey out.

There are two major problems with this approach.  Firstly, as the permissions are not backed up by cryptography, they are trivial to remove.  There are numerous online and offline applications that will remove Adobe PDF permissions in seconds.  Editing and printing are quickly restored.

The second issue is with enforcement.  For Adobe permissions to work, the PDF reader application needs to have a mechanism through which it can disable certain functions.  Adobe’s system naively trusts that third-party PDF reader developers will take the time to implement its controls.  You can see the results for yourself: just open a permission-protected PDF in Mac Preview or Google Docs.  No restrictions at all and minimal effort is required.

   Are certificates more secure than password security?

Encrypting a PDF with a certificate is more secure than password protection (especially if you want to send a PDF securely) since the recipient must have a private key to decrypt it.  Unlike the sharing of passwords, users won’t be as keen on sharing their private keys.  However, permissions to restrict editing, etc. can just as easily be removed, so users can print to PDF to create an unprotected copy.

Our blog on PDF password or certificate encryption covers which is the best security method.

  The bottom line: How secure is Adobe PDF encryption?

The encryption algorithm – AES vs RSA, and key size – 128-bit vs 256-bit, etc. is important, but so too is the way it is implemented in apps and services.  Adobe PDF encryption is one example where poor implementation can lead to disastrous results.

Adobe encrypted PDF files just have too many flaws to be used for the protection of sensitive or confidential data.  They are of limited use when a PDF is in transit and at rest due to exfiltration attacks and they don’t stop sharing, editing, or printing because passwords can easily be shared and permissions removed in seconds.

Ultimately, the PDF format was not built with security in mind.  Indeed, it wasn’t until after its initial release that Adobe tacked on some half-hearted controls.  The focus from the beginning has been on convenience and shareability, and despite Adobe’s best efforts, protected PDFs are still very shareable.

Instead of relying on Adobe encryption, businesses should look to purpose-made software to protect their PDF files.

  Safeguard PDF DRM – the best way to encrypt PDF files

Locklizard Safeguard DRM protects files without passwords or certificates, instead locking PDFs to specific devices using a combination of AES 256-bit encryption, licensing, and a secure viewer application.  In doing so, it prevents:

• Unauthorized users from opening files: Users can only open a PDF if they have a valid license file activated on their PC or mobile device. A license file can only be installed on one device (unless otherwise configured).
• Authorized users from sharing file’s encryption key: The keystore is encrypted and does not function if moved or copied to another device.
• Content extraction: Copy and paste, screenshotting (first or third-party), and PDF printing are disabled by default.  Physical printing can also be disabled or limited.
• Editing: The Safeguard PDF viewer application does not have editing functionality built-in. Users cannot open PDFs protected with Safeguard in any other application, nor can they extract the content, and therefore they cannot edit the file.
• Printing: Prevent printing or limit prints to a certain number of copies, black and white, or grayscale.
• Use after a defined period: Safeguard PDF allows you to expire documents after a certain date, number of days from first open, number of prints, or number of opens.  You can also revoke PDF access manually at any point.
• The sharing of phone pictures and printed copies: Locklizard Safeguard comes with a dynamic watermarking system. You can protect a document with a watermark and add variables like name and email address.  These variables will then be automatically adjusted to match the user when they open the document.  They won’t be able to share any version of it without having their name and email address clearly on show.  Unlike Adobe watermarks that can be simply removed, Locklizard’s are permanent.
• Untraceable usage: Monitoring tools allow you to see how many times your document was opened and printed, by whom, and where from.

Locklizard provides the ultimate in PDF protection, ensuring your PDF documents are secured both online and offline in any location.

You can read more about Safeguard and its features here.  Or, to add security to your PDF without passwords and protect your royalties or sensitive information, take a 15-day free trial of our DRM software.