PDF Security Compromised in Gmail?

Google says it's implementing a fix, but circumventing PDF security right now could be as easy as opening the document inside Google's e-mail service.

PDF authors go to great lengths to protect their documents. But circumventing PDF security could be as easy as opening the document inside Googles e-mail service.

Last month, a blog post written by Andreas Bovens—a Belgian doctoral candidate in Japanese Studies attending school in Tokyo—demonstrated how Gmails PDF-to-HTML filter could circumvent some rights-management features in PDFs, such as copying and printing limitations set by a PDF documents author.

That loophole, according to Adobe Systems, either is now closed or will be shortly. John Landwehr, Adobes director of security solutions and strategy, said that Adobe contacted Google when it learned of the issue and the two companies worked together on a fix.

"Googles implementation of Gmail Web-based e-mail was not accurately interpreting particular permission bits via its PDF-to-HTML conversion," Landwehr wrote in an e-mail to PDFzone. "As an aside, the Google.com search engine does interpret these bits correctly."

The DRM (digital rights management) issue involves the PDF viewer and how it parses the instructions that PDF authors indicate in their authoring software when creating the PDFs. The document spec enables authors to allow readers to print or copy and paste the contents of a PDF document, or to disallow these actions.

According to bloggers who had tested several documents, while Gmail didnt always handle page layout and images with perfect fidelity on DRM-enabled documents, it did allow users to print and copy content the authors had not wished to be duplicated.

"We were notified of an issue with the way PDFs were displayed in Gmail and worked with Adobe on a change that is now being deployed," said a Google spokesperson in an e-mail to PDFzone.

/zimages/6/28571.gifRead the full story on PDFzone.com: PDF Security Compromised in Gmail?