Archive for February, 2011

Security and Privacy Issues in the PDF Document Format

Add a comment

Researchers at Universidad Politecnica de Madrid (UPM) recently conducted a study examining security and privacy threats related to digital document publishing. The study focused on the PDF document format and addressed publisher-related information that is leaked once the document is distributed over the Internet. The UPM researchers developed several tools that extract information from PDF documents. The researchers say that users can be in danger every time a digital document is downloaded. For example, the study notes that metadata information such as the user name or the last day the document was edited can lead to privacy breaches since most document authors are not aware that the information remains available once the document is published. Meanwhile, the researchers found that poor document format design is responsible for leaking other potentially sensitive information. For example, the researchers note that when a paragraph is deleted, PDF authoring applications do not remove the text and instead mark it as invisible. As a result, the data can be read by malicious users that know what to look for. The researchers’ main goal is to make users aware of the risks associated with publishing a document on the Internet and to provide effective guidelines to minimize the leakage of sensitive information.

Full article here.