Shadow Attacks

01 Sep 2020

Attack on PDF signatures?

Shadow attacks: this futuristic-sounding term has recently come to refer to a possible attack on the signature verification of PDFs. It primarily affects PDF readers, not the entire process. XiTrust, the eSignature company, explains what it is really about, and why MOXIS users don’t need to worry.

While paper-bound documents are easy to manipulate due to their nature, digital PDF signatures are far more secure: they guarantee that all PDFs that have been signed digitally cannot be altered without the PDF software noticing. In July, a research team from Ruhr University Bochum disclosed three potential methods that apparently make it possible to manipulate or bypass the signature verification of PDF documents.

The researchers reported the flaws to vendors in cooperation with CERT-Bund (Computer Emergency Response Team) of the BSI (Federal Office for Information Security) as part of a responsible disclosure process. This is a common IT security practice that gives vendors the opportunity to update their software before the flaws are disclosed. Almost all vendors of PDF readers have closed these security gaps.

This is why using the latest version of your PDF viewer is a top priority. Most providers are well able to prevent the above-mentioned exploits.

MOXIS is not affected directly, since most of the attacks take place after documents have been signed. Additionally, with MOXIS each document can be downloaded at a later time in the same condition it was in when it was signed. This way, any manipulation after the signing process can be proven and recorded.

We had a closer look at the attacks and analysed them in relation to MOXIS. The results of this analysis are available for download:

Shadow Attacks