27C3 – OMG WTF PDF
I just came across the slides for a presentation given by Julia Wolf, a senior researcher with FireEye. I only have the slides, unfortunately, but they are a fairly good technical summary of the basic details of the PDF format and how it can be hacked.
From the summary:
PDFs are currently the greatest vector for drive-by (malware installing) attacks and targeted attacks on business and government. A/V technology is extraordinarily poor at detecting these. The PDF format itself is so diverse and vague, that an A/V would need to be 100% bug-compatible with the parser in the vulnerable PDF reader.
You can also do cool tricks like make a single PDF file that displays completely differently in several different readers.
If this presentation doesn’t scare you then trust me, it should.
27C3 Update: The video of the presentation has been uploaded to YouTube.
P.S. Note that the slides are a PDF and the presentation is on PDF hacking. I find that amusing, don’t you?
fjtorres January 2, 2011 at 3:59 pm
Essentially it means that not only are PDFs not really ebooks, they have long since stopped being documents and are properly seen as self-executing software targeting the Acrobat runtime environment. (Or equivalents.)
And people routinely execute these things on their computers and printers with nary a thought of where they come from and what’s in them.
Maybe *that* is where Skynet comes from.
We really *are* all doomed. 🙂
Zigwalski January 2, 2011 at 11:08 pm
I am building my firewall as we speak….that is right, a Wall of Fire to protect me from the machines!
Neeraj Rawat January 3, 2011 at 5:25 am
Great information. Even the Google hack in China was done using a PDF vulnerability.
Jakob January 3, 2011 at 5:32 pm
The video recording is now available and you can also view it at YouTube: http://www.youtube.com/watch?v=54XYqsf4JEY
Nate the great January 3, 2011 at 5:37 pm