Researchers Disclose New Methods for Replacing Content in Signed PDF Files
upstart writes in with an IRC submission:
Researchers Disclose New Methods for Replacing Content in Signed PDF Files:
A team of researchers from the Ruhr University Bochum in Germany has disclosed a series of new attack methods against signed PDF files.
Dubbed Shadow Attacks, the new techniques allow a hacker to hide and replace content in a signed PDF document without invalidating its signature. The hacker can create a document with two different contents, one that the signer expects to see and one that will be displayed to the recipient of the document.
"The Signers of the PDF receive the document, review it, and sign it. The attackers use the signed document, modify it slightly, and send it to the victims. After opening the signed PDF, the victims check whether the digital signature was successfully verified. However, the victims see different content than the Signers," the researchers explained.
They have tested 28 PDF viewer applications and found that 15 of them were vulnerable to at least one of the attacks, including apps made by Adobe, Foxit, and LibreOffice. These three organizations have already released patches, but many of the impacted vendors either did not respond to the researchers' messages or they provided no information about the availability of patches.
The same researchers previously disclosed methods for breaking PDF file signatures and making unauthorized changes to signed documents. They have now presented three new attacks on PDF signatures.
Read more of this story at SoylentNews.