A group of researchers from the Ruhr-Bochum University in Germany analyzed 22 desktop applications (including their versions for Windows, Linux, and macOS) and 7 online verification services.
Signatures in PDF format based on cryptographic operations are widely used by organizations around the world to ensure the protection of their documents from unauthorized changes. Many governments sign their white papers, researchers often sign scientific papers, and large companies like Amazon are known to sign documents like bills. If the signed document has been amended, its signature must become invalid.
PDF Signature Forgery
However, researchers at Ruhr-Bochum University have shown that the vast majority of PDF viewers and online verification services are vulnerable to at least one of the three attack methods using PDF signature forgery.
Experts have shown that an unauthorized user can use various methods to make changes to a PDF document without invalidating its signature.
The list of vulnerable applications includes Adobe Reader, Foxit Reader, LibreOffice, Nitro Reader, PDF-XChange and Soda PDF, which are some of the most popular PDF readers. The list of affected validation services includes DocuSign, eTR Validation Service, DSS Demonstration WebApp, Evotrust, and VEP.si.
The only application that was not vulnerable to at least one type of attack was Adobe Reader 9 running on Linux, while the only invulnerable online service was version 5.4 of the DSS Demonstration WebApp. Researchers worked with the CERT-Bund, the German government CERT, to notify affected suppliers and provide them with the information they need to solve problems. Although some online services have not yet released fixes, all companies providing PDF viewing applications have released fixes.
The three attack methods identified by the researchers were called Universal Signature Forgery (USF), Incremental Saving Attack (ISA), and Signature Wrapping Attack (SWA).
In the case of USF, an attacker can manipulate the meta information in the signature so that the application used to open the modified PDF file finds the signature, but not the data necessary for verification. Despite the missing information, the signature is still shown as valid in some applications, such as Acrobat Reader DC and Reader XI.
The ISA attack, which affects many tested applications and services, uses a legitimate feature in the PDF specification. This feature allows you to update files by adding changes, such as saving annotations or adding new pages to a document. An attacker can modify a document by making changes to an element that is not part of the signature integrity protection.
Finally, the SWA attack, which affects many PDF applications and some online validation services, forces the signature verification logic to process different data, “moving the originally signed content to another position in the document and inserting new content into the highlighted position”.
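A defender-side structural check for the USF and ISA patterns described above, as an added example that is not from the researchers or the original article. It assumes one signature per file and the standard PDF signature dictionary entries /ByteRange and /Contents, which the article does not name; the sample bytes are constructed, and the function names are hypothetical.

```python
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
CONTENTS = re.compile(rb"/Contents\s*<([0-9A-Fa-f]*)>")

def audit_signed_pdf(data: bytes) -> list[str]:
    """Structural findings for a file a viewer reports as signed (one signature
    assumed). This does not verify the cryptographic signature itself."""
    br, ct = BYTE_RANGE.search(data), CONTENTS.search(data)
    if br is None or ct is None or not ct.group(1).strip(b"0"):
        # USF pattern: a signature object exists but the data needed to check it does not.
        return ["no usable /ByteRange and /Contents: nothing to verify, treat as invalid"]
    a, b, c, d = (int(g) for g in br.groups())
    findings = []
    hole = (ct.start(1) - 1, ct.end(1) + 1)  # offsets of "<" and just past ">"
    if a != 0 or (a + b, c) != hole:
        findings.append("unsigned gap is not exactly the /Contents value")
    if c + d != len(data):
        # ISA pattern: an incremental update sits after the signed bytes.
        findings.append(f"signed range ends at {c + d}, file has {len(data)} bytes")
    return findings

def build_sample(sig_hex: bytes = b"3082" + b"ab" * 6) -> bytes:
    """Constructed signed-PDF skeleton with fixed-width offsets (not a real document)."""
    tmpl = b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 %010d %010d %010d] /Contents "
    contents, tail = b"<" + sig_hex + b">", b" >>\nendobj\n%%EOF\n"
    b = len(tmpl % (0, 0, 0))
    return tmpl % (b, b + len(contents), len(tail)) + contents + tail

if __name__ == "__main__":
    intact = build_sample()
    updated = intact + b"2 0 obj\n<< /Note (added later) >>\nendobj\n%%EOF\n"
    for name, pdf in [("intact", intact), ("updated", updated), ("empty", build_sample(b""))]:
        print(name, audit_signed_pdf(pdf) or "no structural findings")
```

The regular expressions only see uncompressed objects, and a file with several signatures needs the check applied to the most recent one, so a production validator should use a full PDF parser.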
Researchers published an article and created a dedicated website, pdf-insecurity.org, that contains technical details of the attacks.