Two new attacks break PDF certification

IT security experts at RUB have discovered a number of security issues with digital signatures for PDF documents over the past years. Credit: RUB, Kramer

A security issue in the certification signatures of PDF documents has been discovered by researchers at Ruhr-Universität Bochum. This special form of signed PDF file can be used, for instance, to conclude contracts. Unlike a normal PDF signature, the certification signature permits certain changes to be made in the document after it has actually been signed. This is necessary to allow the second contractual party to also sign the document. The team from the Horst Görtz Institute for IT Security in Bochum showed that the second contractual party can change the contract text unnoticed when they add their digital signature, without this invalidating the certification. The researchers additionally discovered a weakness in Adobe products that enables attackers to implant malicious code into the documents.

Simon Rohlmann, Dr. Vladislav Mladenov, Dr. Christian Mainka and Professor Jörg Schwenk from the Chair for Network and Data Security are presenting the results at the 42nd IEEE Symposium on Security and Privacy, which is taking place as an online conference from 24 to 27 May 2021. The team has also published the results on the website.

24 out of 26 applications affected

When using certification signatures, the party who issues the document and signs it first can determine which changes the other party can then make. For instance, it is possible to add comments, insert text into special fields, or add a second digital signature at the bottom of the document. The Bochum group circumvented the integrity of the protected PDF documents with two new attacks, called Sneaky Signature Attack (SSA) and Evil Annotation Attack (EAA). The researchers were thus able to display fake content in the document instead of the certified content, without this rendering the certification invalid or triggering a warning from the PDF applications.

The IT security experts tested 26 PDF applications, in 24 of which they were able to break the certification with at least one of the attacks. In eleven of the applications, the specifications for PDF certifications were also implemented incorrectly. The detailed results have been published online.
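For reviewing a certified PDF under the permitted-change model described above, the following added example (not code from the article or from the researchers) reports the certification's permission level and what was appended after the signed byte range. The DocMDP `/P` levels come from the PDF specification rather than this page, the sample bytes are constructed, and plain-text scanning is a simplifying assumption that does not handle compressed object streams.

```python
import re

# DocMDP /P levels per the PDF specification (not stated on this page):
# 1 = no changes, 2 = form fill-in and signing, 3 = level 2 plus annotations.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
DOCMDP_P = re.compile(rb"/DocMDP\b.*?/P\s+([123])", re.S)
SUBTYPE = re.compile(rb"/Subtype\s*/(\w+)")
FIELD_TYPE = re.compile(rb"/FT\s*/(\w+)")

def analyze(pdf: bytes):
    """Report what was appended after the first signature's signed byte range."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        return None  # unsigned, or signature not visible to a plain-text scan
    _, _, start2, len2 = (int(g) for g in m.groups())
    signed_end = start2 + len2  # last byte covered by the signature
    if signed_end > len(pdf):
        raise ValueError("ByteRange points past end of file")
    tail = pdf[signed_end:]  # incremental updates added after signing
    level = DOCMDP_P.search(pdf[:signed_end])
    return {
        "docmdp_p": int(level.group(1)) if level else None,
        "signed_end": signed_end,
        "appended_bytes": len(tail),
        # Object kinds added afterwards: these are what a reviewer should
        # compare against the changes the certifier intended to allow.
        "annotations": sorted({s.decode() for s in SUBTYPE.findall(tail)}),
        "fields": sorted({f.decode() for f in FIELD_TYPE.findall(tail)}),
    }

# Constructed sample: not a renderable PDF, only the structures the scan reads.
_TEMPLATE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 9 9 @@@@@@@@@@] "
             b"/Reference [<< /TransformMethod /DocMDP "
             b"/TransformParams << /P 3 >> >>] >>\nendobj\n%%EOF\n")
REV1 = _TEMPLATE.replace(b"@@@@@@@@@@", b"%010d" % (len(_TEMPLATE) - 9))
UPDATE = (b"5 0 obj\n<< /Type /Annot /Subtype /FreeText /Rect [50 50 200 80] "
          b"/Contents (constructed text) >>\nendobj\n"
          b"6 0 obj\n<< /FT /Sig /T (Sig2) >>\nendobj\n%%EOF\n")
SAMPLE = REV1 + UPDATE

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A non-empty `annotations` or `fields` list does not prove tampering; it tells the reviewer which appended objects to inspect visually before trusting the "certification valid" status.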

Malicious code can be implanted into Adobe documents

In addition to the security loopholes described above, the team from the Horst Görtz Institute also discovered a weakness specifically in Adobe products. Certified Adobe documents can execute JavaScript code, such as accessing URLs to verify the identity of a user. The researchers showed that attackers could use this mechanism to implant malicious code into a certified document. This makes it possible, for instance, for a user's privacy to be exposed by sending his IP address and information about the PDF applications used to an attacker when the document is opened.

More information:
Breaking the specification: PDF certification, 42nd IEEE Symposium on Security and Privacy, online conference, 2021, … 3400b902/1t0x9ObxH8Y

Two new attacks break PDF certification (2021, May 25)
retrieved 26 May 2021