SIMonline

Service receive & sending SMS

PDF Signature Vulnerability

224   |     /   Security

PDF Signature Vulnerability
Researchers have warned that many popular PDF viewers and online verification services contain vulnerabilities that can be used to make unauthorized changes to signed PDF documents without losing their signature.



Virtual sim card online keep your mobile number confidential!

A group of researchers from the Rohr-Bochum University in Germany analyzed 22 desktop applications (including their versions for Windows, Linux, and macOS) and 7 online verification services.

Signatures in PDF format based on cryptographic operations are widely used by organizations around the world to ensure the protection of their documents from unauthorized changes. Many governments sign their white papers, researchers often sign scientific papers, and large companies like Amazon are known to sign documents like bills. If the signed document has been amended, its signature must become invalid.

PDF Signature Fake
However, researchers at Ruhr-Bochum University have shown that the vast majority of PDF viewers and online verification services are vulnerable to at least one of the three attack methods using PDF signature forgery.

Experts have shown that an unauthorized user can use various methods to make changes to a PDF document without invalidating its signature.

The list of vulnerable applications includes Adobe Reader, Foxit Reader, LibreOffice, Nitro Reader, PDF-XChange and Soda PDF, which are some of the most popular PDF readers. The list of affected validation services includes DocuSign, eTR Validation Service, DSS Demonstration WebApp, Evotrust, and VEP.si.

The only application that was not vulnerable to at least one type of attack was Adobe Reader 9 running on Linux, while the only invulnerable online service was version 5.4 of the DSS Demonstration WebApp. Researchers worked with the CERT-Bund, the German government CERT, to notify affected suppliers and provide them with the information they need to solve problems. Although some online services have not yet released fixes, all companies providing PDF viewing applications have released fixes.

The three attack methods identified by the researchers were called Universal Signature Forgery (USF), Incremental Retention Attack (ISA), and Signature Attack (SWA).

In the case of USF, an attacker can manipulate the meta information in the signature so that the application used to open the modified PDF file finds the signature, but not the data necessary for verification. Despite the missing information, the signature is still shown as valid in some applications, such as Acrobat Reader DC and Reader XI.

The ISA attack, which affects many tested applications and services, uses a legitimate feature in the PDF specification. This feature allows you to update files by adding changes, such as saving annotations or adding new pages to a document. An attacker can modify a document by making changes to an element that is not part of the signature integrity protection.

Finally, the SWA attack, which affects many PDF applications and some online validation services, forces the signature verification logic to process different data, “moving the originally signed content to another position in the document and inserting new content into the highlighted position”.

Researchers published an article and created a dedicated website that contains technical details of the pdf-insecurity.org attacks.


Similar news


Windows servers are vulnerable to DoS attacks, Microsoft warns

Microsoft told users that Windows servers running IIS are vulnerable to denial of service (DoS) attacks based on malicious HTTP / 2 requests.

Cyberattacks using the WinRAR ACE archive

WinRAR, a popular data compression tool used by more than 500 million users around the world, is vulnerable to serious vulnerabilities that could allow arbitrary code execution through specially created ACE archives.

Vulnerability of Drupal Could Allow Remote Code Execution

Security updates released for the Drupal Content Management System (CMS) fix an “extremely critical” vulnerability that can be used to remotely execute code.



SIMONLINE.SU

This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2018 - 2020

All rights reserved