Security researchers from two German universities have published details of flaws in document PDF encryption
Digitally signed and encrypted PDF documents are widely used: to execute contracts, meet statutory reporting obligations and to protect commercially sensitive information transmitted as email attachment.
Breaking PDF digital signatures
PDF digital signatures use asymmetric cryptography; that is the signer possess a public and private key pair and the signer uses his private key to create the digital signature. Any document modification afterwards invalidates the signature and should result in the PDF viewer software displaying an error message that the signature is not valid.
The researchers discovered three ways to manipulate digitally signed PDF documents and created a $1 trillion refund credit note which was digitally signed by amazon.com. They did this by obtaining a valid signed PDF document and altering its content without invalidating the digital signature and Adobe Acrobat PDF viewer declared that the document had not been altered since it was signed.
The three types of attack discovered during the research all rely on the worrying fact that the PDF viewer software can be confused by missing or invalid meta-data within the PDF file which results in the software defaulting to declare the digital signature valid rather than invalid.
Despite following responsible disclosure protocols, some vulnerabilities remain unpatched in leading online services and desktop applications.