Isn’t it a sad day when you can’t trust digitally signed electronic files? As if we didn’t have enough to worry about in the current coronavirus pandemic, ZDNet reported that we can’t trust digitally signed PDF files. Fifteen of twenty eight tested PDF viewer applications are vulnerable to a new attack that allows attackers to change information within a digitally signed PDF file without modifying the digital signature. The vulnerability has been named Shadow Attack. The vulnerability takes advantage of manipulating the various layers of a PDF document. As the post states, “The victim digitally signs the document with a benign layer on top, but when the attacker receives it, they change the visible layer to another one.” There are three variants to the Shadow Attack.

  • Hide
  • Replace
  • Hide-and-replace

It shouldn’t surprise people that the hide-and-replace attack is the worst one, which is when attackers use a second PDF document contained in the original document to replace it altogether. Pretty scary stuff. Make sure you apply any patches available.

Email: jsimek@senseient.com Phone: 703.359.0700

Digital Forensics/Cybersecurity/Information Technology

https://www.linkedin.com/in/johnsimek

https://amazon.com/author/johnsimek

https://senseient.com