Skip to main content

New 'Shadow Attack' Can Replace Content In Digitally Signed PDF Files

New 'Shadow Attack' Can Replace Content In Digitally Signed PDF Files

Security researchers from Ruhr-University Bochum in Germany have found a new attack method called 'Shadow Attack' against digitally signed PDF documents.

This new attack method allows an attacker to hide and replace content in a digitally signed PDF document without invalidating its signature. The attacker can create a document with two different content, the first one that the signer expects to see, and the second one that will be displayed to the receiver of the document.

Firstly, the signers receive the PDF document, review it, and sign it then the attackers used that signed document, modify it slightly, and send it to the victims. After opening the signed PDF documents, the victims verify whether the signature was correct or not. However, due to a new attack method PDF document was successfully verified and victims see modified content than the signers.

15 out of 28 desktop PDF viewer apps include Adobe Acrobat Reader, Adobe Acrobat Pro, Foxit Reader, LibreOffice, Perfect PDF, and others are vulnerable to new 'Shadow Attack' that lets attackers modify the content of digitally signed PDF documents.

New 'Shadow Attack' Can Replace Content In Digitally Signed PDF Files

Individuals and organizations (include researchers, governments, and businesses) often sign PDF documents to prevent unauthorized modification. If someone does modification to the digitally signed PDF documents, its signature becomes invalid.

According to security researchers, three forms of a Shadow Attack exist :

1. Hide

It involves hiding some content in a PDF behind a visible layer without replacing it. Let's discuss this form of 'Shadow Attack' scenario. The attacker sends a PDF document to the signer with an attractive message image on the top of the content they want to hide. Once, the PDF document has been signed by signer then an attacker can modify the PDF document so that the attractive message image is no longer available, which makes the hidden content become visible.

2. Replace

It involves appending a new object that is considered attractive but which can impact the way the content is displayed to the victim (like replacing original content with modified value).

3. Hide-and-Replace

This is the most powerful form of Shadow Attack that lets an attacker change the whole content of a digitally signed PDF document. Here, an attacker inserts hidden content and visible content into the PDF document using two objects with the common object ID and sends it to the victim. Once, the victim receives the signed PDF document, the attacker appends a new trailer and an Xref table and because of that, the hidden content is visible.

Shadow Attacks are possible because even when PDF documents digitally signed it still allows unused PDF objects to be present inside their content. So, That PDF viewer apps which remove unused PDF objects when singing a PDF document are not vulnerable to Shadow Attacks.

With the help of the Computer Emergency Response Teams of Germany (CERT-Bund), the security research team contacted impacted PDF application makers to report this new Shadow Attack (currently tracked as CVE-2020-9592 and CVE-2020-9596).

Applications made by Adobe, LibreOffice, and Foxit have already released patches. However, many of the impacted vendors still did not provide any information about the availability of patches.

PDF application maker should update their PDF viewer apps to make sure that the digitally signed PDF documents can't tamper by a Shadow Attack.

If you have any questions related to the new Shadow Attack and also want to share your views on this then please mention in the comments box and I will get back to you.

Comments

Popular posts from this blog

How To Check If a Link Is Safe To Click

Many times, we share links among our friends on social media platforms like WhatsApp, Facebook, Instagram or Twitter. But do we know how safe they are? What can happen if you click on any malicious link? We never think of the following things : Links can drop various harmful programs, viruses on your device Links can steal your personal data by dropping spyware or keyloggers Use your browser for crypto mining which will affect your device's performance Even if your device is secured with antivirus, not all of them warn you before clicking such malicious links . And the moment you click on these, they will become big trouble for you. This can sometimes even be dangerous with regard to data security and identity theft. So, Be careful about what you click on. These days one of the quickest growing security issues is ransomware , which is often spread by the user unintentionally clicking dangerous links in emails, social media platforms, messengers, and other tool

TikTok Secretly Sent Users Private Data & PII Number to Chinese Server Including Draft Videos

The popular Android and iOS short-videos creating app, TikTok hit with a lawsuit claims that the app illegally and secretly transfers app's users' private sensitive data and Personally Identifiable Information (PII) to Chinese servers. TikTok which is a 15-second short-video creating app especially popular among the younger generation and also downloaded over 1.3 Billion times worldwide . TikTok remains top in the most downloaded app list for months on the Apple App Store and Google Play Store.  According to the lawsuit, Tiktok shared the user's created videos which include private acts and closeups of user's faces (biometric data) before the videos are saved on the app. TikTok provides many options includes the next button, close button, and button for effects to its users while recording the video. Here, the next button takes users to the screen that shows these two options : "post" and "save".  After clicking on the "next" button, Tik

Facebook, Instagram and WhatsApp Down : Apps Crash For Users Worldwide Including In India

If you are facing problems with Facebook , Instagram , and WhatsApp on your device then you are not alone. Suddenly, the service of Facebook, Instagram, and WhatsApp's are facing technical problems since late evening on Wednesday. Users are facing these types of problems on Facebook :- While using Facebook, Users are facing problems in loading images, loading videos, and loading all other data across its apps while some users were unable to load photos on Facebook News Feed. On the Twitter platform, Facebook said that it is aware of the issue. Users are facing these types of problems on Instagram :- On Instagram (just like Facebook apps), the issues appear to be limited only to a certain part of the site. Many users report an issue to Instagram that their feed might not load, also it is not possible to post anything new (images, videos, stories) into it. If a user tries to post anything new (images, videos, stories) brings up an error indicat