PDF Network Requests

TL;DR

Yes, PDF files can make network requests to remote computers. This is usually done through JavaScript embedded within the PDF or via specific features like form submissions and linked URLs. It poses a cyber security risk if you open untrusted PDFs.

How PDFs Make Network Requests

  1. JavaScript: PDFs support JavaScript, allowing them to execute code. This code can initiate HTTP requests.
    • Example: A malicious PDF could use JavaScript to send your data back to a hacker’s server.
    • Checking for JavaScript: Most PDF readers allow you to disable JavaScript in the security settings. This is a good first step in protecting yourself.
  2. Form Submissions: PDFs can contain forms that submit data over the network.
    • How it works: When you fill out and submit a PDF form, the data is often sent to a specified URL.
    • Risk: The submission endpoint could be controlled by an attacker who collects your information.
  3. Linked URLs: PDFs can contain hyperlinks that point to remote websites.
    • How it works: Clicking a link in a PDF opens a web browser and connects to the linked URL.
    • Risk: These links could lead to phishing sites or download malware.
  4. Embedded Files & Objects: PDFs can embed other files (like Flash objects, which are now outdated but historically relevant) that might attempt network connections.
    • Risk: These embedded objects could contain vulnerabilities exploited to make requests.
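
Each mechanism in the list above leaves a name token in the PDF's object structure, so a file can be triaged statically before it is ever opened in a reader. The following Python sketch is an added example, not part of the original page; `scan_pdf`, `INDICATORS` and the constructed `SAMPLE` fragment are illustrative names, and it goes slightly beyond the list by also counting auto-run triggers (`/OpenAction`, `/AA`) and object streams (`/ObjStm`).

```python
import re
import sys

# PDF name tokens tied to the four mechanisms listed above.
INDICATORS = {
    "JavaScript": ["JavaScript", "JS"],
    "Form submission": ["SubmitForm"],
    "Linked URLs": ["URI"],
    "Embedded files/objects": ["EmbeddedFile", "RichMedia"],
}
# Triggers that fire an action without a click, plus object streams,
# whose compressed contents a raw byte scan cannot see.
CONTEXT = ["OpenAction", "AA", "ObjStm"]

# A PDF name is "/" followed by characters up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample fragment (not a complete, openable PDF).
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
    b"3 0 obj << /S /URI /URI (https://example.invalid/a) >> endobj\n"
    b"4 0 obj << /S /SubmitForm /F (https://example.invalid/c) >> endobj\n"
)

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is counted as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Count indicator names in raw PDF bytes. Hits are triage leads only:
    the scan also sees text inside strings and binary streams."""
    counts = {}
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        counts[name] = counts.get(name, 0) + 1
    report = {label: sum(counts.get(n, 0) for n in names)
              for label, names in INDICATORS.items()}
    report.update({n: counts.get(n, 0) for n in CONTEXT})
    return report

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for label, n in scan_pdf(data).items():
        print(f"{label:24} {n}")
```

A non-zero `ObjStm` count means some objects are stored compressed, so a zero count for the other indicators does not show they are absent.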

How to Protect Yourself

  1. Disable JavaScript: This is the most effective way to prevent malicious code execution.
    • Adobe Acrobat Reader: Edit > Preferences > JavaScript. Uncheck “Enable Acrobat JavaScript”.
    • Other Readers: Check your PDF reader’s security settings for a similar option.
  2. Be Careful with Untrusted PDFs: Only open PDFs from sources you trust.
    • Think before you click: Don’t open attachments from unknown senders or suspicious emails.
  3. Keep Your PDF Reader Updated: Updates often include security patches that address vulnerabilities.
    • Automatic Updates: Enable automatic updates in your PDF reader settings.
  4. Use a Virtual Machine (Advanced): Open suspicious PDFs inside a virtual machine to isolate them from your main system.
    • VirtualBox or VMware: These are popular virtualization software options.

Checking for Network Activity (Technical)

You can monitor network activity to see if a PDF is making requests.

  1. Wireshark: A powerful network protocol analyzer.
    • Install Wireshark: https://www.wireshark.org/
    • Capture Traffic: Start a capture before opening the PDF and filter by the PDF reader’s process name or IP address.
  2. Resource Monitor (Windows): Shows network activity per process.
    • Open Resource Monitor: Search for “Resource Monitor” in the Start Menu.
    • Network Tab: Look for your PDF reader’s process and any associated network connections.