Researchers at the Ruhr University labs have found flaws that may expose your private documents to risks associated with cyberattacks.
Certified PDF files are widely used to sign important business documents including agreements, declarations, and more, thus keeping data integrity intact at all times. However, a new research report from Ruhr University Bochum has found several vulnerabilities in the PDF application.
“Certified PDFs use two specific signatures for document authentication, an approval signature, along with a certification signature,” researchers from the lab explained. Certification signatures are usually more flexible: they are made to handle complicated agreements between multiple parties, and they allow some changes to the document within a set of parameters while maintaining its validity.
Now this is exactly where the team discovered vulnerabilities to two specific novel attacks, identified as “Evil Annotation” (EAA) and “Sneaky Signature” (SSA). These allow hackers to place malicious content atop the certified information without leaving any traces of such misconduct.
EAAs display malicious content in the document’s annotations and send it forward with the digital signature intact, while SSAs add such content over legitimate-looking content in the PDF file itself.
The team immediately shared the findings with the appropriate vendors, providing a comprehensive vulnerability report, including exploits, to CERT-Bund (BSI). Among these vendors, Adobe, Foxit, and LibreOffice were quick to release patches, in late 2020 (CVE-2020-35931) or early 2021 (CVE-2021-28545, CVE-2021-28546). The code injection vulnerability was fixed by Adobe with a patch outside the regular update cycle (CVE-2020-24432).
The researchers also shared additional advice: prohibiting the three risky annotation types (FreeText, Stamp, and Redact) that allow text or images to be added to a certified PDF, and reducing access permissions while including a defined signature field for added protection.
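As an added example (not code from the researchers or any vendor), the Python heuristic below flags the three annotation types named above when they appear in bytes appended after the first signature's coverage. It assumes the signature's `/ByteRange` entry and the appended objects are stored uncompressed; the function names and the sample bytes are constructed for illustration.

```python
import re
from typing import List, Optional

# Annotation subtypes the researchers recommend prohibiting in certified PDFs.
RISKY = (b"FreeText", b"Stamp", b"Redact")
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
SUBTYPE = re.compile(rb"/Subtype\s*/(" + b"|".join(RISKY) + rb")\b")


def signed_end(pdf: bytes) -> Optional[int]:
    """End offset of the first signature's coverage, or None if no signature."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        return None
    _, _, second_start, second_len = map(int, m.groups())
    return second_start + second_len


def risky_after_signing(pdf: bytes) -> List[str]:
    """Risky annotation subtypes found in bytes appended after signing."""
    # Heuristic only: annotations inside compressed object streams are not
    # visible to a byte scan and need a real PDF parser.
    end = signed_end(pdf)
    if end is None:
        return []
    return sorted({m.group(1).decode() for m in SUBTYPE.finditer(pdf[end:])})


def make_sample(update: bytes) -> bytes:
    """Constructed, simplified byte layout for the demo (not a complete PDF)."""
    signed = (b"%PDF-1.7\n5 0 obj\n<< /Type /Sig /ByteRange [0 AAA BBB CCC] "
              b"/Contents <00> >>\nendobj\n%%EOF\n")
    gap_start = signed.index(b"<00>")      # signature value is excluded
    gap_end = gap_start + len(b"<00>")
    for tag, value in ((b"AAA", gap_start), (b"BBB", gap_end),
                       (b"CCC", len(signed) - gap_end)):
        signed = signed.replace(tag, b"%03d" % value)  # fixed width keeps offsets
    return signed + update


CLEAN = make_sample(b"")
TAMPERED = make_sample(  # constructed incremental update adding an annotation
    b"9 0 obj\n<< /Type /Annot /Subtype /FreeText /Rect [0 0 600 800] >>\n"
    b"endobj\n%%EOF\n")

if __name__ == "__main__":
    print("clean   :", risky_after_signing(CLEAN))
    print("tampered:", risky_after_signing(TAMPERED))
```

A hit is a reason to inspect the document in a patched viewer, not proof of tampering, since a certifier may have deliberately permitted annotations.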
The research community says businesses continue to struggle with such cybersecurity issues on an everyday basis, and that implementing strong cybersecurity measures for proactive threat reporting is important. TTB Cybersecurity provides complete protection to your business so data integrity stays intact at all times.