Data on PDF Files Less Secured, Researcher Warns
PDF files, which are standard formats used by most businesses to keep their data presentation consistent across the web and computer environment, proved to be less secure as data displayed in this format can be changed depending on operating system platforms and browser, according to Julia Wolf.
Wolf, a security researcher at FireEye based in California, said in the 27th Chaos Computer Club conference in Germany last week that some functions of PDF files can be easily manipulated to direct attacks to targeted networks. For instance, programs in Acrobat Reader can be executed through database connections with poor security, which can start a scan on a certain network once PDF files are printed using that network’s printer.
This problem with the PDF files has been running for some time now but it went unattended before, Wolf said.
According to Wolf, the fact that PDF files can hide a host of data and codes, making it possible to integrate Flash, audio and video files, supports claims that there are possible points of attacks.
Most software used for IT security purposes such as scanners cannot detect the malware present in PDF files.
In response to these problems found in PDF files, Adobe is planning to mount a memory sandbox feature that will make execution of program codes more secured.