
posted by martyb on Wednesday February 27 2019, @01:15AM
from the jest-sine-hear dept.

Researchers break digital signatures for most desktop PDF viewers | ZDNet

A team of academics from the Ruhr-University Bochum in Germany say they've managed to break the digital signing system and create fake signatures on 21 of 22 desktop PDF viewer apps and five out of seven online PDF digital signing services.

[...] The five-person research team has been working since early October 2018 together with experts from Germany's Computer Emergency Response Team (BSI-CERT) to notify impacted services.

The team went public with their findings over the weekend after all affected app makers and commercial companies finished patching their products.

The reason why researchers were willing to wait months so all products would receive fixes is because of the importance of PDF digital signatures.

Digitally signed PDF documents are admissible in court, can be used as legally binding contracts, can be used to approve financial transactions, can be used for tax filing purposes, and can be used to relay government-approved press releases and announcements.

Having the ability to fake a digital signature on an official PDF document can help threat actors steal large amounts of money or cause chaos inside private companies and public institutions.

  • (Score: 2) by choose another one on Wednesday February 27 2019, @08:37AM (7 children)

    by choose another one (515) Subscriber Badge on Wednesday February 27 2019, @08:37AM (#807513)

    Happily, LibreOffice can be used to verify the signatures.

    [It's still vulnerable, more so than Adobe v9 in fact, but you get the warm fuzzy feeling of invulnerability that comes from using FOSS with prejudice...]

  • (Score: 2, Insightful) by Anonymous Coward on Wednesday February 27 2019, @08:48AM

    by Anonymous Coward on Wednesday February 27 2019, @08:48AM (#807515)

    Being open source, it's also more likely to be fixed in a reasonable amount of time.

  • (Score: 4, Interesting) by FatPhil on Wednesday February 27 2019, @12:54PM (5 children)

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Wednesday February 27 2019, @12:54PM (#807569) Homepage
    It amused me that Adobe's V9 was secure (on Linux), and V11 was vulnerable (on Windows/Mac). The OS shouldn't really matter, that's not what I'm getting at, but I do find it funny that as they made it more advanced, they made it more insecure.

    Personally I find the idea of document signing being an intrinsic part of the document format an absurdity; that means you need to implement it for every file type you might need to sign (which is potentially all of them). Why not just have a standalone program that signs *any file*? The programs with which you manage individual file types might integrate access to that external program into their user interface, sure, but they should treat it as a black box. One file and one set of credentials in, one signed document out.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 2) by DannyB on Wednesday February 27 2019, @03:32PM (4 children)

      by DannyB (5839) Subscriber Badge on Wednesday February 27 2019, @03:32PM (#807639) Journal

      Yes. That.

      Document signing should be a separate application which does exactly one thing and does it whale.

      It should also be a specification that can be implemented by multiple applications on all platforms. Making the standard widely available and able to sign all kinds of files, not just PDF, makes it more suitable for its intended porpoise.

      Sort of how tar and gzip work well together but separately are different fish.

      --
      The lower I set my standards the more accomplishments I have.
      • (Score: 2) by FatPhil on Wednesday February 27 2019, @04:38PM (3 children)

        by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Wednesday February 27 2019, @04:38PM (#807669) Homepage
        Exactly. And it's funny you should mention tar/gzip in this context. Here in Estonia, we have a governmentally approved public key infrastructure (in the form of chipped ID cards) that we can use to sign everything from our tax returns to arbitrary formal documents. And if you peek into the structure of the "signed document", you'll see it's nothing more than a Zip file with an (open standard) defined layout. No invention of a new proprietary file format - just reuse what's already there for that purpose, bundling files together.
        --
        Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
        • (Score: 2) by DannyB on Wednesday February 27 2019, @05:22PM (2 children)

          by DannyB (5839) Subscriber Badge on Wednesday February 27 2019, @05:22PM (#807695) Journal

          Zip may already be the closest thing to a universal container format.

          LibreOffice files are really zip files.

          Java executable JAR files / libraries (Java equivalent of exe/dll) are actually zip files.

          Java WAR and EAR files are zip files.

          LibreOffice can export PDF files, and optionally include the original document file into the PDF -- in this case the outer structure is an actual PDF not a zip.

          --
          The lower I set my standards the more accomplishments I have.
          • (Score: 2) by FatPhil on Thursday February 28 2019, @12:01AM (1 child)

            by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Thursday February 28 2019, @12:01AM (#807883) Homepage
            Pretty universal, yeah. And not only OpenOffice, but Microsoft's OfficeOpenetrationXML is also Zip-based. (After OO.O did their format. Always leading from behind, those MS geniuses.)
            --
            Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
            • (Score: 0) by Anonymous Coward on Thursday February 28 2019, @07:27AM

              by Anonymous Coward on Thursday February 28 2019, @07:27AM (#808014)

              There are many application formats that use the Open Packaging Conventions besides Microsoft. Another one I've seen is using SQLite files as application file formats, i.e. https://www.sqlite.org/aff_short.html [sqlite.org]. In fact, after discussing it with coworkers about the various alternatives, we are considering either using OPC or SQLite. However, we are still leaning to OPC, given the fact that they have an actual specification and recommendations, rather than just telling people to put them in whatever way makes sense to them (to be fair, there is a sort of suggestion spread around the documentation, but good luck with interoperability).