Monday, March 1, 2021
  • Bitcoin
  • About
  • Trusted Links
  • Advertise
  • Careers
  • Donate
  • Contact
Hacking tools on all platforms
No Result
View All Result
  • The Hacker News
  • Tools9
  • Tutorial
  • Downloads23
  • Video
  • Blog
  • Donate Us
Hacking tools on all platforms
Home Blog
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Nhan Nguyen by Nhan Nguyen
in Blog
Reading Time: 5min read
0
0
SHARES
167
VIEWS
Share on FacebookShare on Twitter

Related posts

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

02/25/2021
173
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

02/24/2021
181
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

02/24/2021
189
Everything You Need to Know About Evolving Threat of Ransomware

Everything You Need to Know About Evolving Threat of Ransomware

02/24/2021
174

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents.

Called “Shadow attacks” by academics from Ruhr-University Bochum, the technique uses the “enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant.”

The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular — found vulnerable to shadow attacks.

To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that’s expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed.

“The signers of the PDF receive the document, review it, and sign it,” the researchers outlined. “The attackers use the signed document, modify it slightly, and send it to the victims. After opening the signed PDF, the victims check whether the digital signature was successfully verified. However, the victims see different content than the signers.”

password auditor

In the analog world, the attack is equivalent to deliberately leaving empty spaces in a paper document and getting it signed by the concerned party, ultimately allowing the counterparty to insert arbitrary content in the spaces.

Shadow attacks build upon a similar threat devised by the researchers in February 2019, which found that it was possible to alter an existing signed document without invalidating its signature, thereby making it possible to forge a PDF document.

1614077401 909 Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Although vendors have since applied security measures to fix the issue, the new study aims to extend this attack model to ascertain the possibility that an adversary can modify the visible content of a digitally signed PDF without invalidating its signature, assuming that they can manipulate the PDF before it’s signed.

At its core, the attacks leverage “harmless” PDF features which do not invalidate the signature, such as “incremental update” that allows for making changes to a PDF (e.g., filling out a form) and “interactive forms” (e.g., text fields, radio buttons, etc.) to hide the malicious content behind seemingly innocuous overlay objects or directly replace the original content after it’s signed.

A third variant called “hide and replace” can be used to combine the aforementioned methods and modify the contents of an entire document by simply changing the object references in the PDF.

“The attacker can build a complete shadow document influencing the presentation of each page, or even the total number of pages, as well as each object contained therein,” the researchers said.

Put simply, the idea is to create a form, which shows the same value before and after signing, but a completely different set of values post an attacker’s manipulation.

To test the attacks, the researchers have published two new open-source tools called PDF-Attacker and PDF-Detector that can be used to generate shadow documents and test a PDF for manipulation before it’s signed and after it’s been altered.

1614077401 45 Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

The flaws — tracked as CVE-2020-9592 and CVE-2020-9596 — have been since addressed by Adobe in an update released on May 12, 2020. As of December 17, 2020, 11 of the 29 tested PDF applications remain unpatched.

This is not the first time PDF security has come under the lens. The researchers have previously demonstrated methods to extract contents of a password-protected PDF file by taking advantage of partial encryption supported natively by the PDF specification to remotely exfiltrate content once a user opens that document.

Separately, the researchers last month uncovered another set of 11 vulnerabilities impacting the PDF standard (CVE-2020-28352 through CVE-2020-28359, and from CVE-2020-28410 to CVE-2020-28412) that could lead to denial-of-service, information disclosure, data manipulation attacks, and even arbitrary code execution.

Hacking Tools by Novero Lotus with hashtags #Shadow #Attacks #Attackers #Replace #Content #Digitally #Signed #PDFs

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securityNetwork Securityransomware malwaresoftware vulnerabilitythe hacker news
ShareTweet

Related Posts

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
Blog

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

by Nhan Nguyen
02/25/2021
173
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
Blog

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

by Nhan Nguyen
02/24/2021
181
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks
Blog

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

by Nhan Nguyen
02/24/2021
189
Everything You Need to Know About Evolving Threat of Ransomware
Blog

Everything You Need to Know About Evolving Threat of Ransomware

by Nhan Nguyen
02/24/2021
174
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
Blog

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

by Nhan Nguyen
02/24/2021
194
Experts Find a Way to Learn What You’re Typing During Video Calls
Blog

Experts Find a Way to Learn What You’re Typing During Video Calls

by Nhan Nguyen
02/23/2021
172
Load More
Next Post
5 Security Lessons for Small Security Teams for the Post COVID19 Era

5 Security Lessons for Small Security Teams for the Post COVID19 Era

0 0 vote
Article Rating
Subscribe
Connect with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Notify of
guest
Connect with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
guest
0 Comments
Inline Feedbacks
View all comments

New Posts Updated

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

4 days ago
173
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

5 days ago
181
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

5 days ago
189
Everything You Need to Know About Evolving Threat of Ransomware

Everything You Need to Know About Evolving Threat of Ransomware

5 days ago
174
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

5 days ago
194

BROWSE BY CATEGORIES

  • Blog
  • Dark Web
  • Downloads
  • Envato Free
  • Hacking Tools
  • Plugins
  • Social Network
  • Themes & Templates
  • Tools Free
  • Tools Free
  • Tutorial
  • Video

BROWSE BY TOPICS

AI Buidl computer security Counterfeited Money Credit Cards cyber attacks cyber news cyber security news cyber security news today cyber security updates cyber updates Dark Web data breach Deep Web Digital Virtual Hacker hacker news Hackers Hacking hacking news Hacking Tools how to hack information security Learn Python Linux Network Security PayPal Accounts Python Python Basic ransomware malware software vulnerability the hacker news Theme Blog / Magazine Theme Corporate Theme Creative Theme eCommerce Theme Free Theme Null Theme Real Estate Theme Wordpress Tool Tools Tor Tor Project’s Windows

POPULAR NEWS

  • Trusted Links on Dark Web

    Trusted Links on Dark Web update 2021

    3826 shares
    Share 0 Tweet 0
  • Hack Facebook Password 2021 100% Success in 2 minutes

    5712 shares
    Share 0 Tweet 0
  • The truth about the dark web fraud trade

    37 shares
    Share 0 Tweet 0
  • VmWare Tutorials

    53 shares
    Share 0 Tweet 0
  • All in One Hacking Tools For Hackers | Tools Free

    7219 shares
    Share 0 Tweet 0
  • WoodMart Null – Responsive WooCommerce WordPress Theme

    179 shares
    Share 0 Tweet 0
  • Download Christmas Dance

    12 shares
    Share 0 Tweet 0
  • Dark Web Scam Vendors & Markets List

    6714 shares
    Share 0 Tweet 0
  • Top 14 Most Popular Ethical Hacking Tools (2021 Rankings)

    43 shares
    Share 0 Tweet 0
  • C# Programming Tutorials

    0 shares
    Share 0 Tweet 0
  • Bitcoin
  • About
  • Trusted Links
  • Advertise
  • Careers
  • Donate
  • Contact

TM + © 2013 - 2021 Hacking Tools Online Platforms .

No Result
View All Result
  • The Hacker News
  • Bitcoin
  • Tools
    • Hacking Tools
    • Ecommerce
    • Social Network
    • Tools Free
  • Downloads
    • Software
    • Tools Free
    • Mobile Apps
    • Scripts
    • Envato Free
    • Plugins
    • Themes & Templates
    • Free Online Courses
  • Tutorial
  • Video
  • Dark Web
  • Blog
  • Donate Us
  • Contact Us

TM + © 2013 - 2021 Hacking Tools Online Platforms .

0
0
Would love your thoughts, please comment.x
()
x
| Reply