Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday July 27 2020, @12:52PM   Printer-friendly
from the what-was-in-that-contract-again? dept.

Researchers Disclose New Methods for Replacing Content in Signed PDF Files:

A team of researchers from the Ruhr University Bochum in Germany has disclosed a series of new attack methods against signed PDF files.

Dubbed Shadow Attacks, the new techniques allow a hacker to hide and replace content in a signed PDF document without invalidating its signature. The hacker can create a document with two different contents, one that the signer expects to see and one that will be displayed to the recipient of the document.

"The Signers of the PDF receive the document, review it, and sign it. The attackers use the signed document, modify it slightly, and send it to the victims. After opening the signed PDF, the victims check whether the digital signature was successfully verified. However, the victims see different content than the Signers," the researchers explained.

They have tested 28 PDF viewer applications and found that 15 of them were vulnerable to at least one of the attacks, including apps made by Adobe, Foxit, and LibreOffice. These three organizations have already released patches, but many of the impacted vendors either did not respond to the researchers' messages or they provided no information about the availability of patches.

The same researchers previously disclosed methods for breaking PDF file signatures and making unauthorized changes to signed documents. They have now presented three new attacks on PDF signatures.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Interesting) by Anonymous Coward on Monday July 27 2020, @05:21PM (1 child)

    by Anonymous Coward on Monday July 27 2020, @05:21PM (#1027184)

    "These three organizations have already released patches."

    After a respectable period of time it might be a good idea to release the names of these vendors so that those potentially affected might switch vendors.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   1  
  • (Score: 0) by Anonymous Coward on Monday July 27 2020, @07:18PM

    by Anonymous Coward on Monday July 27 2020, @07:18PM (#1027253)

    err ... I was referring to the "but many of the impacted vendors either did not respond to the researchers' messages or they provided no information about the availability of patches." bit