Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents.
Called “Shadow attacks” by academics from Ruhr-University Bochum, the technique uses the “enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant.”
The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular — found vulnerable to shadow attacks.
To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that’s expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed.
“The signers of the PDF receive the document, review it, and sign it,” the researchers outlined. “The attackers use the signed document, modify it slightly, and send it to the victims. After opening the signed PDF, the victims check whether the digital signature was successfully verified. However, the victims see different content than the signers.”
images from Hacker News