Wired: “Popular redaction tools don’t always work as promised, and new attacks can reveal hidden information, researchers say. For years, if you wanted to protect sensitive text in a document, you could grab a pair of scissors or a scalpel and cut out the information. If this didn’t work, a chunky black marker pen would do the job. Now that most documents are digitized, securely redacting their contents has become harder. The majority of redactions—by government officials and courts—involve placing black boxes over text in PDFs. When this redaction is done incorrectly, people’s safety and national security can be put at risk. New research from a team at the University of Illinois looked at the most popular tools for redacting PDF documents and found many of them wanting. The findings, from researchers Maxwell Bland, Anushya Iyer, and Kirill Levchenko, say two of the most popular tools for redacting documents offer no protection to the underlying text at all, with the text accessible by copying and pasting it. Plus, a new attack method they devised makes it possible to extract secret details from the redacted text.”
Source: Story Beyond the Eye: Glyph Positions Break PDF Text Redaction, Maxwell Bland, Anushya Iyer, and Kirill Levchenko, University of Illinois, Urbana-Champaign, USA. 14 November 2022.