Hiding Content in PDF files
Didier Stevens' work with demystifying the inner workings of the PDF file format has attracted attention over recent months and his most recent discovery holds promise for adding PDF files to the list of formats that can be used to hide surreptitious content from prying eyes, with the added benefit that it is effectively hidden from the PDF reader that is parsing the encompassing document.
To encourage further research and work into this particular aspect of PDF wrangling, he has released a tool that can be used to create a secretly embedded PDF while also providing a detailed step through of the process involved.
It really boils down to the handling of case-sensitive names in the file itself. Because the correct means to reference an embedded file is via /EmbeddedFiles, the corruption to /Embeddedfiles means that a specification-compliant PDF reader should just ignore that and continue on with parsing the rest of the file.
Of course, if a non-standard PDF reader is used, then the hidden content may not be so hidden anymore. Recovering the hidden content can be as simple as changing a single hex value.
As Didier points out, there are plenty of methods available to make the hidden content even harder to find and encounter.
As a speaker at the upcoming Brucon security conference in Brussels, it is guaranteed that there is going to be plenty more interesting material relating to PDF manipulation and discovery to be presented there.
19 July 2009
Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.
Comments will soon be available for registered users.
Subscribe to our feed.