PDF feature certified prone to cyberattacks

Researchers at the Ruhr University labs have found flaws that may expose your private documents to risks associated with cyberattacks.

Certified PDF files are widely used to sign important business documents, including agreements, declarations, and more, with the aim of keeping data integrity intact at all times. However, a new research report from Ruhr University Bochum has found several vulnerabilities in PDF applications.

“Certified PDFs use two specific signatures for document authentication, an approval signature, along with a certification signature,” researchers from the lab explained. Certification signatures are usually more flexible and are made to handle complicated agreements between multiple parties and allow some changes to the document within a set of parameters while making sure to maintain its validity.

Now this is exactly where the team discovered vulnerabilities to two specific novel attacks, identified as “Evil Annotation” (EAA) and “Sneaky Signature” (SSA). These allow hackers to place malicious content atop the certified information without leaving any traces of such misconduct.

Where an EAA displays malicious content in the document’s annotations and passes it along with the digital signature intact, an SSA adds such content over legitimate-looking content in the PDF file itself.

Researchers said that the results of their evaluations of 26 of the most popular PDF applications were alarming, citing just 2 cases where they didn’t find any vulnerabilities to such attacks. The remaining 15 were found vulnerable to EAA, 9 to SSA, including Adobe, Foxit, and LibreOffice. The team also analyzed the standard-compliant implementation of the PDF certification applications and found issues in almost 11 of them. They also found another flaw that allowed certified documents to execute JavaScript code for code injection.

The team immediately shared the findings with the appropriate vendors in a comprehensive vulnerability report, including exploits, to CERT-Bund (BSI). Adobe, Foxit, and LibreOffice were among the vendors that were quick to release patches, in late 2020 (CVE-2020-35931) or early 2021 (CVE-2021-28545, CVE-2021-28546). The code injection vulnerability was fixed by Adobe with a patch outside the regular update cycle (CVE-2020-24432).

The researchers also shared additional cybersecurity advice: prohibit three risky annotations (FreeText, Stamp, and Redact) that allow text or images to be added to a certified PDF, and reduce access permissions while including a defined signature field for added protection.
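As an added illustration of the first recommendation (this is example code written for this page, not code from the researchers or from any PDF vendor), the following Python check flags FreeText, Stamp, and Redact annotations stored after the bytes covered by a document's signature. It assumes that changes made after certification are appended behind the signed byte range, that the first `/ByteRange` in the file belongs to the certification signature, and that objects are stored uncompressed; the function names and the sample bytes are constructed for the example.

```python
import re

# Annotation subtypes the article says should be prohibited in certified PDFs.
RISKY = rb"FreeText|Stamp|Redact"
BYTERANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
OBJ = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)endobj", re.S)
SUBTYPE = re.compile(rb"/Subtype\s*/(" + RISKY + rb")\b")


def unsigned_risky_annotations(pdf: bytes):
    """Return (object number, subtype) for risky annotations stored after the
    bytes covered by the first signature (assumed to be the certification)."""
    m = BYTERANGE.search(pdf)
    if m is None:
        raise ValueError("no signature /ByteRange found")
    signed_end = int(m.group(3)) + int(m.group(4))  # offset + length of 2nd range
    findings = []
    for obj in OBJ.finditer(pdf, signed_end):  # scan only the unsigned tail
        hit = SUBTYPE.search(obj.group(2))
        if hit:
            findings.append((int(obj.group(1)), hit.group(1).decode()))
    return findings


def make_sample(appended: bytes) -> bytes:
    """Constructed, simplified PDF-like bytes: a signed part (which itself holds
    a Stamp, object 4) followed by whatever was appended after certification."""
    head = (b"%PDF-1.7\n4 0 obj\n<< /Type /Annot /Subtype /Stamp >>\nendobj\n"
            b"5 0 obj\n<< /Type /Sig /Contents ")
    hole = b"<" + b"00" * 16 + b">"  # placeholder signature value
    tail = b" /ByteRange [0 %6d %6d %6d] >>\nendobj\n%%%%EOF\n"
    o2 = len(head) + len(hole)
    return head + hole + tail % (len(head), o2, len(tail % (0, 0, 0))) + appended


# Constructed appended revisions: one risky annotation, one ordinary note.
ADDED_FREETEXT = (b"9 0 obj\n<< /Type /Annot /Subtype /FreeText "
                  b"/Contents (constructed) >>\nendobj\n%%EOF\n")
ADDED_NOTE = b"9 0 obj\n<< /Type /Annot /Subtype /Text >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for name, extra in [("unchanged", b""), ("note", ADDED_NOTE),
                        ("freetext", ADDED_FREETEXT)]:
        print(name, unsigned_risky_annotations(make_sample(extra)))
```

A Stamp that is part of the signed bytes is not reported; only annotations added outside the signed range are. Files that store objects in compressed object streams need a real PDF parser before this check can see them.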

The research community says businesses continue to struggle with such cybersecurity issues on an everyday basis, and implementing strong cybersecurity measures for proactive threat reporting is important. TTB Cybersecurity provides complete protection to your business so data integrity stays intact at all times.
