There are many vulnerabilities that can be present in our systems and devices. Those flaws could be exploited by hackers to carry out their attacks. In this article we report on a vulnerability that affects PDF files and that would allow an intruder to bypass signature validation and eventually modify the content of that file.
A bug allows modifying PDF files avoiding the signature
A team of computer security researchers has found a series of attacks that bypass PDF signature validation. Note that digitally signed PDFs are used in many contracts and invoices to ensure the authenticity and integrity of the content.
When a user opens a PDF file that has been previously signed they would expect to see a warning in case they have found any modification. However, these vulnerabilities would allow that signature to be circumvented. They have found attacks that could modify the content of those files without invalidating the signature.
However, this type of attack was found for the first time in 2019. They implemented a series of measures to prevent this from happening, but now there are attacks that can circumvent them. These are shadow attacks that bypass those measures in place to protect files.
These attacks take advantage of legitimate functions and are therefore difficult to mitigate. Allows you to hide content relevant to victims behind a visible layer. In this way they manage to hide legitimate content and show what they want to appear.
But there can also be attacks that seek to replace information. Of course, modification is not allowed for all types of objects, so the attacker only changes objects that are considered harmless but that can change the visible content of the document.
Then there are the hide and replace attacks. The attackers create a hidden PDF document that is sent to the signers. The PDF document contains a hidden description of another document with different content. Since the signers cannot detect the malicious hidden content, they sign the document.
How to avoid being victims of these types of problems
It is important that users are protected to avoid being victims of this type of attack. In this case we have seen vulnerabilities in PDF files, but it can occur in any other document or program that we use. Cybercriminals can access the system through a wide variety of methods.
Something basic is to keep the equipment updated . We must always have the latest versions to be able to correct problems that are exploited by hackers and that put our privacy and security at risk.
But it is also interesting to have security programs . A good antivirus can prevent threats from entering our system. This way we can be protected and maintain the reliability of our devices at all times.
However, the most important of all that common sense . We must avoid making mistakes such as downloading a malicious file by email, installing software from third-party sources that are insecure, or logging in from links we should not trust.