Skip to main content


Showing posts from July, 2020

New 'Shadow Attack' Can Replace Content In Digitally Signed PDF Files

Security researchers from Ruhr-University Bochum in Germany have found a new attack method called 'Shadow Attack' against digitally signed PDF documents. This new attack method allows an attacker to hide and replace content in a digitally signed PDF document without invalidating its signature . The attacker can create a document with two different content, the first one that the signer expects to see, and the second one that will be displayed to the receiver of the document. Firstly, the signers receive the PDF document, review it, and sign it then the attackers used that signed document, modify it slightly, and send it to the victims. After opening the signed PDF documents, the victims verify whether the signature was correct or not. However, due to a new attack method PDF document was successfully verified and victims see modified content than the signers. 15 out of 28 desktop PDF viewer apps include Adobe Acrobat Reader, Adobe Acrobat Pro, Foxit Reader, L