Shadow Attacks: Creating a Shadow of One’s Own PDF Document

PDF viewer applications are often considered safer than most other text-based word processors as they offer effective security options, such as signature-based validation, that ensures the quality and integrity of a document. Unfortunately, researchers found that even a digitally-signed PDF document can be manipulated.

Forging documents via Shadow Attack

In July, academics from the Ruhr-University Bochum in Germany published a research study claiming that digital-signed PDF files' signature integrity protection can be bypassed.
  • The technique is named Shadow Attack and tracked with the CVE-2020-9592 and CVE-2020-9596 identifiers. The attack has three variants that can allow an attacker to hide and replace content in digitally signed PDFs.
  • The attack enables any hacker to create a PDF document with two different contents: a) content expected by the authority reviewing and signing the PDF, and b) shadowed content that will be displayed after the PDF is signed.
  • 15 out of 28 desktop PDF viewer applications were found vulnerable to Shadow Attack. The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, LibreOffice Draw, Foxit Reader, and PDFelement, and among others.

Manipulating PDF files

By faking, manipulating, or modifying a legally admissible document, threat actors can steal large amounts of money or disrupt operations inside private companies and public institutions.
  • In September 2019, researchers discovered PDFex attacks that could break the encryption on 27 PDF viewer applications and manage to extract data from encrypted documents.
  • In February 2019, researchers managed to fake signatures on 21 of 22 desktop PDF viewer apps and 5 out of 7 online PDF digital signing services.

Stay safe

It has been stated by academics that this variant of attack is an especially powerful one since attackers can change the contents of an entire document. However, it is also expected that unused objects are removed from the shadow document and the shadow components are identified by a security scanner. Since neither of the disadvantages has been reported, it is safe for users to patch the vulnerabilities - CVE-2020-9592 and CVE-2020-9596. According to experts, organizations must update their PDF viewer apps to ensure that the signed PDF documents are tamper-proof against Shadow attack.