A PDF (Portable Document Format) is a file format designed to present documents consistently across multiple devices and platforms. Since Adobe developed it in 1992, it has become one of the most widely used formats for saving and exchanging documents. PDF files store a wide variety of data, including formatted text, metadata, vector graphics, and images. They also contain page layout information, which defines the location of each item on the page, as well as the size and shape of the pages in the document. The information is all saved in a standard format, so the document looks the same no matter what device or program is used to open it. For example, if you save a PDF on a Mac, it will appear the same way in Windows, Android, and iOS.
Source: TechTerms
Additional Reading: Adobe Peps Up PDF On Smartphones With AI-powered Liquid Reformatting
Black Hat Briefing on Exploiting Portable Document Format files (PDFs)
There’s no reason why businesses shouldn’t be using PDFs. Considering PDFs are files that stay the same for every operating system, it’s a good idea to use them often. With many employees and clients working remotely, there’s a good chance those within the same company have different operating systems at home. With this in mind, using PDFs when sending data is great, as long as it’s something that doesn’t need to be edited (then you’d need a Word or Excel doc).
Because of their popularity, PDFs have become a favorite target of hackers. As explained in this Black Hat presentation on PDF hacking, PDFs are not perfect and have enough code that mistakes and vulnerabilities do exist. As a best practice for any company, removing users' administrative access to their desktop computers could prevent some of the exploits in the above presentation from working. Yet there are other attacks that might not be avoidable. A PDF can have a link to a phishing website embedded within it, which is invisible to normal spam filtering solutions and could lead your users to compromise their O365 or GSuite usernames and passwords.
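To make the embedded-link point concrete, here is an added example (not from the original article or the Black Hat presentation) that lists the link targets stored in a PDF, including those inside Flate-compressed streams that a plain text scan misses, and reports the ones outside an allowlist. The function names, the allowlist and the sample bytes are assumptions made for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# "/URI (literal)" or "/URI <hex>" as used by link actions; nested unescaped parentheses are not handled.
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
ESCAPE_RE = re.compile(rb"\\([0-7]{1,3}|.)", re.S)

def _unescape(m):
    tok = m.group(1)
    if tok[:1] in b"01234567":  # octal escape such as \057
        return bytes([int(tok, 8) & 0xFF])
    return {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"\n": b""}.get(tok, tok)

def _layers(pdf):
    """Yield the raw bytes, then each stream that inflates (object streams hide dictionaries)."""
    yield pdf
    for m in STREAM_RE.finditer(pdf):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # another filter, or encrypted content

def extract_uris(pdf):  # distinct URI-action targets, in discovery order
    found = []
    for layer in _layers(pdf):
        for lit, hx in URI_RE.findall(layer):
            hx = b"".join(hx.split())
            raw = bytes.fromhex((hx + b"0" * (len(hx) % 2)).decode()) if hx else ESCAPE_RE.sub(_unescape, lit)
            url = raw.decode("latin-1").strip()
            if url and url not in found:
                found.append(url)
    return found

def links_outside(pdf, allowed_hosts):
    """Return links whose host is not an allowed domain or a subdomain of one."""
    def ok(url):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:
            return False
        return any(host == a or host.endswith("." + a) for a in allowed_hosts)
    return [u for u in extract_uris(pdf) if not ok(u)]

# Constructed sample bytes: a PDF-like fragment, not a real document.
_hidden = zlib.compress(b"<< /S /URI /URI (https://login.example.invalid/o365\\(sso\\)) >>")
SAMPLE = (b"1 0 obj << /A << /S /URI /URI (https://www.example.com/help) >> >> endobj\n"
          b"2 0 obj << /Filter /FlateDecode >>\nstream\n" + _hidden + b"\nendstream endobj\n"
          b"3 0 obj << /S /URI /URI <" + b"https://pay.example.invalid".hex().encode() + b"> >> endobj\n")
```

Calling `links_outside(SAMPLE, {"example.com"})` returns the two `.invalid` links, one of which exists only inside the compressed stream. Encrypted PDFs and streams using filters other than Flate need a full PDF parser.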
Train your users on all forms of attack, especially on spotting and avoiding Phishing attacks, on the importance of Password Hygiene, and to question everything they do online today. If you avoid even one security breach, you’ll be so glad you took proactive measures to protect your employees and your business!
Learn about cybersecurity program development with CyberHoot by subscribing to our Newsletter, enrolling your company, and reading our weekly blog articles.