Hacking Digitally Signed PDF Files
2021-03-08 12:10

Interesting paper: "Shadow Attacks: Hiding and Replacing Content in Signed PDFs". Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content.

A user opening a signed PDF expects to see a warning in case of any modification.

The shadow attacks circumvent all existing countermeasures and break the integrity protection of digitally signed PDFs. Compared to previous attacks, the shadow attacks do not abuse implementation issues in a PDF viewer.

In contrast, shadow attacks use the enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant.

Our results reveal that 16 of the 29 PDF viewers tested were vulnerable to shadow attacks.

We implemented PDF-Detector to prevent shadow documents from being signed or forensically detect exploits after being applied to signed PDFs.

EDITED TO ADD: This was written about last summer.


News URL

https://www.schneier.com/blog/archives/2021/03/hacking-digitally-signed-pdf-files.html