Skip to main content

New Attacks Show Signed PDF Documents Cannot Be Trusted

posted onFebruary 27, 2019
by l33tdawg
Security Week
Credit: Security Week

Many popular PDF viewers and online validation services contain vulnerabilities that can be exploited to make unauthorized changes to signed PDF documents without invalidating their signature, researchers have warned.

A team of researchers from the Ruhr-University Bochum in Germany has analyzed 22 desktop applications (including their Windows, Linux and macOS versions) and 7 online validation services.

PDF signatures, which rely on cryptographic operations, are widely used by organizations around the world to ensure that their documents are protected against unauthorized modifications. Many governments sign their official documents, researchers often sign scientific papers, and major companies such as Amazon are known to sign documents such as invoices. If a signed document has been changed, its signature should become invalid.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th