posted by Fnord666 on Monday July 27 2020, @12:52PM
from the what-was-in-that-contract-again? dept.

Researchers Disclose New Methods for Replacing Content in Signed PDF Files:

A team of researchers from the Ruhr University Bochum in Germany has disclosed a series of new attack methods against signed PDF files.

Dubbed Shadow Attacks, the new techniques allow a hacker to hide and replace content in a signed PDF document without invalidating its signature. The hacker can create a document with two different contents, one that the signer expects to see and one that will be displayed to the recipient of the document.

"The Signers of the PDF receive the document, review it, and sign it. The attackers use the signed document, modify it slightly, and send it to the victims. After opening the signed PDF, the victims check whether the digital signature was successfully verified. However, the victims see different content than the Signers," the researchers explained.

They have tested 28 PDF viewer applications and found that 15 of them were vulnerable to at least one of the attacks, including apps made by Adobe, Foxit, and LibreOffice. These three organizations have already released patches, but many of the impacted vendors either did not respond to the researchers' messages or they provided no information about the availability of patches.

The same researchers previously disclosed methods for breaking PDF file signatures and making unauthorized changes to signed documents. They have now presented three new attacks on PDF signatures.


  • (Score: 4, Interesting) by bzipitidoo (4388) on Tuesday July 28 2020, @01:57AM (#1027462)

    This sort of thing is where security gets tricky. One example of "security" that many people are unwilling to concede is bogus is DRM.

    Conceptually, and unlike DRM, digital signing is valid security. It works. But there are still many ways for an implementation to screw it up. To recap, real digital signing is a use of public key cryptography. Keys come in pairs. The other key of a pair is required to decrypt what one key is used to encrypt. This is unlike classic encryption, in which decryption is done with the same key that was used for encryption. One of the keys of a pair is made public. Doesn't matter which one. Everyone can see the public key. The other key of the pair is kept private. To securely send a message, encrypt it with the public key. Only those with the private key will be able to decrypt and read it. Digital signing uses the keys a little differently. The signer creates a cryptographic hash of a document, then encrypts that hash with their private key. That's the digital signature. Anyone can verify that the signature is valid by using the public key to decrypt the hash, and checking that the decrypted hash matches the hash value they get from re-running the hash algorithm on the document.

    One big problem with digital signatures is the systems to manage the public keys. There often is no such system. Or if there is, it's a lot of effort to get your public key accepted and listed. Quite understandably, the systems with the most keys and best reputations want you to prove in all kinds of ways that you are who you say you are. Once satisfied on that point, these systems use the very same digital signature technique to sign your public key using their private key. There's a "Web of Trust", in which your public key is signed many times by many different key management systems, in the hopes that some of them will still be in operation whenever anyone wants to check the validity of a key. Setting up to do digital signing is an awful lot of bother, and for most messages total overkill. So what a lot of people do is resort to "self-signing". They become their own key manager.

    Any implementation of digital signature verification can mess up on any of those steps. Use a weak hash, such as MD4, and an attacker can find a substitute message that has the same hash value. With self-signed signatures, the users may ignore the warnings. This problem sounds more in the nature of spoofing. They're using the PDF standard's capability to overwrite to have 2 different messages already in the document, so that the problem of completely switching messages is reduced to toggling a few bits. Cryptographic hashes are supposed to be pretty resilient to a change of even 1 bit, but any data that is for whatever reason excluded from the hash is data that can be changed without invalidating the signature. The researchers have found a few bits that by some programs were thought inconsequential and therefore not necessary to include in the data being hashed, and managed to come up with ways to use those bits to trick the programs into presenting the user with a completely different message.

    Understand that in a PDF, there need not be present any sort of formal notification that a part of the document overwrites another part. Basic PDF just has data on where in a document to place each letter, consisting of a page and an x and y coordinate. If an x and y coordinate given with a letter happen to place that letter on top of another letter, then it will be overwritten. Detecting this isn't as simple as keeping a list of used coordinates. The coordinates of the overwriting text can be off by one pixel, and the font sizes can be enlarged so that what would not have obscured text on an adjacent line now does obscure it. Though it certainly is possible to detect all forms of overwriting, it's tricky enough that PDF viewers can screw that up too.

    One of the things that really annoys me about LibreOffice Draw's ability to edit PDF documents is that apparently, LibreOffice won't use the included font. Instead, the program searches the system for the font in question. If it is installed you're in luck, and the PDF will look correct. If not, LibreOffice will automatically substitute a different font that it decides is close. Except it often isn't. Then the lines of text don't fit properly in the document. Meanwhile, a simple reader of PDF documents will show that PDF correctly, because it will use the included fonts.

  • (Score: 0) by Anonymous Coward on Tuesday July 28 2020, @03:03PM (#1027647)

    mupdf-gl has some basic editing capabilities, but the documentation is not great.
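
The point raised in the thread above, that bytes left out of the signed hash can change without invalidating the signature, can be checked on a file: a PDF signature dictionary carries a /ByteRange array naming the two byte spans that were hashed. The following is an added example, not part of the article or the comments; it reports coverage only and does not verify the signature, SHA-256 stands in for whatever digest the signature actually names, and the input is constructed PDF-like bytes from the hypothetical helper build_sample.

```python
import hashlib
import re

# /ByteRange [a b c d]: the signature hashes bytes a..a+b and c..c+d only.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")

def signature_coverage(pdf: bytes) -> list:
    """Report, per /ByteRange found, which bytes the signed hash leaves out."""
    reports = []
    for m in BYTE_RANGE.finditer(pdf):
        a, b, c, d = (int(g) for g in m.groups())
        if a + b > c or c + d > len(pdf):
            reports.append({"valid_ranges": False})
            continue
        gap = pdf[a + b:c]  # the only region that should be excluded
        reports.append({
            "valid_ranges": True,
            # Illustrative digest (assumption): real signatures name their own.
            "digest": hashlib.sha256(pdf[a:a + b] + pdf[c:c + d]).hexdigest(),
            "unsigned_prefix": a,
            "gap_is_only_hex_string": HEX_STRING.fullmatch(gap) is not None,
            "unsigned_tail": len(pdf) - (c + d),
        })
    return reports

def build_sample(tail: bytes = b"") -> bytes:
    """Constructed PDF-like bytes (not a renderable PDF) with one signature dict."""
    head = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange ["
    mid = b"] /Contents "
    sig = b"<" + b"00" * 16 + b">"          # placeholder signature value
    post = b" >>\nendobj\n%%EOF\n"
    first_len = len(head) + 34 + len(mid)    # 34 = width of the padded numbers
    nums = b"0 %10d %10d %10d" % (first_len, first_len + len(sig), len(post))
    return head + nums + mid + sig + post + tail

if __name__ == "__main__":
    signed = build_sample()
    appended = build_sample(b"2 0 obj\n<< /Note (constructed) >>\nendobj\n%%EOF\n")
    for name, data in (("as signed", signed), ("with appended bytes", appended)):
        print(name, signature_coverage(data))
```

Both inputs produce the same digest over the signed ranges, while the second reports a non-zero unsigned_tail. A non-zero tail is not proof of tampering; it marks bytes the signature says nothing about, which need separate review.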