Your IT Consultant

Don’t Trust Digitally Signed PDF Documents

July 27, 2020

Isn't it a sad day when you can't trust digitally signed electronic files? As if we didn't have enough to worry about in the current coronavirus pandemic, ZDNet reported that we can't trust digitally signed PDF files. Fifteen of twenty eight tested PDF viewer applications are vulnerable to a new attack that allows attackers to change information within a digitally signed PDF file without modifying the digital signature. The vulnerability has been named Shadow Attack. The vulnerability takes advantage of manipulating the various layers of a PDF document. As the post states, "The victim digitally signs the document with a benign layer on top, but when the attacker receives it, they change the visible layer to another one." There are three variants to the Shadow Attack.

• Hide
• Replace
• Hide-and-replace

It shouldn't surprise people that the hide-and-replace attack is the worst one, which is when attackers use a second PDF document contained in the original document to replace it altogether. Pretty scary stuff. Make sure you apply any patches available.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com