Digital signatures in PDF applications exploited by researchers

• The researchers devised fake signatures to force their way into PDF viewer apps.
• Researchers could successfully attack 21 out of the 22 PDF viewers studied. Popular apps include Adobe Acrobat Reader, Foxit Reader as well as online validation services like DocuSign and Evrotrust.

Worth Noting

• Digitally signed PDFs are sometimes accepted as legally-binding documents under certain circumstances. Example: financial transactions.
• Out of 22 attacks committed on PDF viewers in the study, 21 of them were successful.
• PDF applications include the popular Adobe Reader DC and Foxit. Online signature validation services such as DocuSign and Evrotrust were also vulnerable.
• These methods were devised way before security updates were released for PDF applications considered in the study.

The attacks

• Universal Signature Forgery: This attack focuses on disabling verification by adding invalid content in the signature object or by removing references to the signature object.
• Incremental Saving Attack: It relies on a PDF feature called ‘incremental saving’. After this, the content, as well as the structure of the PDF, is slowly changed with different content.
• Signature Wrapping Attack: This attack altogether bypasses signature protection. Attackers then fill the document with malicious content.

Why it matters?

• Forging or manipulating a digitally signed PDF can help attackers to extract confidential information, upon which they can commit crimes such as theft.
• Private transactions done between organizations through digital documents can be compromised if these attacks are utilized.

Countermeasures

The researchers have also proposed countermeasures to remedy these attacks. This involves an algorithm to detect manipulations in signatures. These can be applied to most of the PDF viewer applications. However, it has a drawback as it fails to work for PDFs with multiple signatures. The paper indicates, “..the algorithm leads to one usability issue if multiple signatures are provided. Although these signatures are valid, only the one covering the entire document will be displayed as valid.”