Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security //

Identity Management

3/1/2019
07:00 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Digital Signatures Can Be Forged in PDF Docs

Researchers in Germany have figured out three different ways to forge digital signatures in PDF documents.

Researchers at the Ruhr-University Bochum in Germany have figured out three different ways to forge digital signatures in PDF documents.

The fakes will be treated as genuine on 21 of 22 desktop PDF viewer apps (running on Windows, MacOS and Linux) and five out of seven online PDF digital signing services. These include well-known apps, including Adobe Acrobat Reader, Foxit Reader and LibreOffice, as well as online services like DocuSign and Evotrust.

Summarizing their six month-long research in a paper and a blog, the researchers note they have been working with Germany's Computer Emergency Response Team (BSI-CERT) to responsibly disclose the results to affected service providers.

Signatures to PDF documents have come to be accepted in legally binding contracts since President Clinton signed the eSign Act. In 2014, the EU issued a regulation that gave such documents legal status in the EU as well.

Adobe has said that it processed 8 billion such signatures in 2017. The researchers found three major attack methods.

The first is Universal Signature Forgery (USF). This is a way for attackers to game the signature verification process so that it will display a fake panel/message that the signature is valid.

The second is Incremental Saving Attack (ISA). Here, attackers will add content to an already signed PDF document via the "incremental saving (incremental update)" mechanism, but without breaking what has already been saved for the signature of that document.

The last is Signature Wrapping (SWA). Similar to ISA, it will fool the signature validation process into "wrapping" around the attacker's additional content. This means the content added (the incremental update) has been digitally signed.

The researchers found that there were two root causes why this sort of spoofing could be carried out.

First, they said, "The specification does not provide any information with concrete procedure on how to validate signatures. There is no description of pitfalls and any security considerations. Thus, developers must implement the validation on their own without a best-common-practice information."

Secondly, they found "The error tolerance of the PDF viewer is abused to create non-valid documents bypassing the validation, yet correctly displayed to the user."

They came up with a verification algorithm. It's a concrete approach on how to compute the values necessary for the verification and how to detect manipulations after signing the PDF file. The specified algorithm must be applied for each signature within the PDF document. As an input, it requires the PDF file as a byte stream and the signature object.

The approach will only work on the last revision that has been done to a PDF document, and does not verify any signatures that may have been done previously to that final revision.

This problem can be serious, and enable some massive financial frauds. It is incumbent on the security team to verify that they have patched all applications affected, and that they are using services that have taken this problem seriously.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16123
PUBLISHED: 2020-12-04
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by...
CVE-2018-21270
PUBLISHED: 2020-12-03
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
CVE-2020-26248
PUBLISHED: 2020-12-03
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
CVE-2020-29529
PUBLISHED: 2020-12-03
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks.
CVE-2020-29534
PUBLISHED: 2020-12-03
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.