Slashdot Mirror


Researchers Break Digital Signatures For Most Desktop PDF Viewers (zdnet.com)

An anonymous reader quotes a report from ZDNet: A team of academics from the Ruhr-University Bochum in Germany say they've managed to break the digital signing system and create fake signatures on 21 of 22 desktop PDF viewer apps and five out of seven online PDF digital signing services. This includes apps such as Adobe Acrobat Reader, Foxit Reader, and LibreOffice, and online services like DocuSign and Evotrust -- just to name the most recognizable names. The five-person research team has been working since early October 2018 together with experts from Germany's Computer Emergency Response Team (BSI-CERT) to notify impacted services. The team went public with their findings over the weekend after all affected app makers and commercial companies finished patching their products. In research published today, the Ruhr-University Bochum team described three vulnerabilities that they found in the digital signing process used by several desktop and web-based PDF signing services. Summarized, they are:

1. Universal Signature Forgery (USF) -- vulnerability lets attackers trick the signature verification process into showing users a fake panel/message that the signature is valid.
2. Incremental Saving Attack (ISA) -- vulnerability lets attackers add extra content to an already signed PDF document via the "incremental saving (incremental update)" mechanism, but without breaking the already-existing signature.
3. Signature Wrapping (SWA) -- vulnerability is similar to ISA, but the malicious code also contains extra logic to fool the signature validation process into "wrapping" around the attacker's extra content, effectively digitally signing the incremental update.
Additional details about the three vulnerabilities are available in this PDF research paper [1, 2], this blog post, and this dedicated website.
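
A structural check a validator can run against the Incremental Saving Attack in item 2, as an added example that is not from the ZDNet report or the researchers' material. It assumes the standard `/ByteRange` signature layout and scans raw bytes with a regex instead of parsing PDF objects; the function names and the sample document are constructed for illustration.

```python
import re

# /ByteRange [o1 l1 o2 l2] names the two byte spans a PDF signature digest covers;
# the gap between them holds the hex-encoded /Contents signature value.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")


def byte_range_findings(pdf: bytes) -> list:
    """Structural checks only; cryptographic verification is a separate step."""
    ranges = [tuple(int(g) for g in m.groups()) for m in BYTE_RANGE.finditer(pdf)]
    if not ranges:
        return ["unsigned: no /ByteRange present"]
    findings = []
    for o1, l1, o2, l2 in ranges:
        if o1 != 0 or o2 < o1 + l1 or o2 + l2 > len(pdf):
            findings.append(f"malformed ByteRange [{o1} {l1} {o2} {l2}]")
        elif not HEX_STRING.fullmatch(pdf[o1 + l1:o2]):
            findings.append("gap between signed spans is not a single hex string")
    # Earlier signatures in a multiply-signed file legitimately stop short of EOF,
    # so only the signature reaching furthest is required to cover the whole file.
    covered = max(o2 + l2 for _, _, o2, l2 in ranges)
    if covered < len(pdf):
        findings.append(f"{len(pdf) - covered} unsigned bytes after last signed revision")
    return findings


def build_sample() -> bytes:
    """Constructed signed-PDF skeleton: not a renderable PDF, but offsets are real."""
    tmpl = b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 %06d %06d %06d] /Contents "
    sig = b"<" + b"00" * 16 + b">"  # placeholder signature value (constructed)
    tail = b" >>\nendobj\n%%EOF\n"
    l1 = len(tmpl % (0, 0, 0))  # fixed-width fields keep the header length stable
    return (tmpl % (l1, l1 + len(sig), len(tail))) + sig + tail


if __name__ == "__main__":
    signed = build_sample()
    # Constructed later revision appended after signing, as an incremental update would be.
    appended = signed + b"2 0 obj\n(constructed later revision)\nendobj\n%%EOF\n"
    print(byte_range_findings(signed))
    print(byte_range_findings(appended))
```

A non-empty result means the signature does not vouch for everything the viewer will render, so the document should not be displayed as validly signed without further inspection.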

5 of 28 comments

  1. Available in PDF? by PaulBu · Score: 5, Funny

    And how then are we supposed to know that this is really from these researchers??? :)
    Paul B.

    1. Re: Available in PDF? by Narcocide · Score: 2

      You guys both think you're funny, but you're actually highlighting the really horrifying facet of this problem here. You might be able to tell yourselves "It's fine, I'll just use GPG too." but for the vast majority of the population and major institutions, security is effectively dead now, and they're trying to alter their business plans to adapt to making money in an environment where the foregone conclusions are that no system is secure-able and the only thing left with any value is your stolen identity.

  2. Re:What about Poppler? by arglebargle_xiv · Score: 4, Insightful

    I would be very surprised if, given enough time, they couldn't find vulns in any PDF reader there is. You're trying to sign a Turing machine that can do anything it wants, at some point that's going to include bypassing the signature guarantees. More generally, you can't safely sign active content if the content is hostile, or there's a means of getting it to pull in hostile content. XMLDsig is a prime example of this.

  3. Re:What about Poppler? by technosaurus · Score: 2

    Xpdf, evince, mupdf,... lots of open source viewers missing

  4. Re:What about Poppler? by amorsen · Score: 2

    Xpdf, evince, mupdf,... lots of open source viewers missing

    The justification is this:

    "In the first phase of our security evaluation we concentrated on pdf viewer and online validation services, since they give a clear indication whether the attack was successful. To this point, we did not analyze PDF libraries like poppler (pdfsig) or pdfbox, since different configurations are possible. For example, the validation of a signed pdf can be executed with different calls in pdfbox."

    Of course they could have tested evince as a proxy for poppler. But they didn't.

    --
    Finally! A year of moderation! Ready for 2019?