pressmaster - Fotolia
The PDF file format has the capability to embed digital signatures in documents. These digitally signed PDF documents are popular, particularly within government entities like the European Union's eIDAS system.
But how secure are these PDF digital signatures? A team from the University of Bochum in Germany evaluated how well PDF readers implemented digital signing and published results which showed a catastrophic picture of the security of PDF signatures. With some tricks, the researchers were able to fool every PDF viewer they could find that supports verifying PDF signatures. The situation wasn't much better for online signature validation services like DocuSign, where similar attacks worked.
The researchers used several different attacks, but the core of the problem is that a PDF digital signature is a relatively complex concept. The signature does not necessarily cover the whole document -- a PDF document can be partially signed and additional modifications can be added to the document after the signature was applied.
PDF viewers do a poor job accounting for this. While they usually were able to spot simple modifications for partially faulty documents, these viewers could be tricked. Some of the attacks relied on taking a PDF document that was already signed digitally and modifying it in a way that the signature was still considered valid for the whole document, although the content of the document was completely modified. Other attacks relied on using faulty signatures that could be created without knowledge of the cryptographic private key that the validation code would still consider valid.
Concerns about the security of PDF signatures are not new. In 2010, security expert Florian Zumbiehl demonstrated a similar attack, but it didn't receive much attention.
The attacks show that implementing PDF digital signature validation correctly is difficult and easily leads to implementation flaws. This is a common pattern, particularly with older cryptographic standards: While they are secure in theory, they often contain pitfalls that make it very likely that the actual software implementing the standard contains fatal weaknesses. When using products that validate PDF digital signatures, users should ask the vendor if the implementation has been analyzed by cryptographic experts.
Dig Deeper on Email and messaging threats
Related Q&A from Hanno Böck
Learn how managing web development content with the popular version control system can be risky without taking action to avoid these basic Git ... Continue Reading
Subdomain takeover exposure can happen when cloud-hosted web services are incompletely decommissioned, but configuration best practices can reduce ... Continue Reading
Discover how the MTA-STS specification will improve email security by encrypting messages and enabling secure, authenticated email transfers between ... Continue Reading