PDF files can be digitally signed by two parties. However, researchers have now discovered a security flaw that allows the second party to change the document afterwards.
With certified signatures, a PDF can be digitally signed by two contractual partners. After the first signature, however, it should theoretically no longer be possible to make any changes to the content. Researchers at the Horst Görtz Institute for IT Security in Bochum have now developed two attack methods that should be able to do just that. Normally, the party that issues a PDF with a certified signature and signs it first can specify which changes the contractual partner can then make. This is intended to let the contractual partner, for example, fill out individual fields, add comments or add their own signature. However, the scientists also managed to change the content without invalidating the certification.
“The attack idea exploits the flexibility of PDF certification, which allows certified documents to be signed or annotated with different authorization levels. Our practical evaluation shows that an attacker could change the visible content in 15 of 26 viewer applications,” write the researchers, who have now publicly presented their study at the IEEE Symposium on Security and Privacy.
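The authorization levels mentioned above are stored in a certified PDF as the DocMDP `/P` value of the certifying signature. As an added example (not from the researchers or the original article), the Python check below reads that level and reports how many bytes were appended after the range the first signature covers. It assumes an uncompressed signature dictionary and that the first `/ByteRange` belongs to the certifying signature; all function names and the sample document are constructed for illustration.

```python
import re

# DocMDP /P values from the PDF specification (ISO 32000-1, 12.8.2.2).
LEVELS = {1: "no changes", 2: "form fill-in and signing",
          3: "form fill-in, signing and annotations"}

def certification_level(pdf: bytes):
    """Return the DocMDP /P value (spec default 2), or None if not certified.
    Assumes /TransformParams follows /TransformMethod, uncompressed."""
    m = re.search(rb"/TransformMethod\s*/DocMDP(.*?)>>", pdf, re.S)
    if not m:
        return None
    p = re.search(rb"/P\s+([123])\b", m.group(1))
    return int(p.group(1)) if p else 2

def bytes_after_signature(pdf: bytes):
    """Bytes lying past the range covered by the first signature, or None."""
    m = re.search(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", pdf)
    if not m:
        return None
    _, _, start2, len2 = map(int, m.groups())
    return len(pdf) - (start2 + len2)

def assess(pdf: bytes) -> str:
    """Triage verdict on data appended after the certifying signature."""
    level, extra = certification_level(pdf), bytes_after_signature(pdf)
    if level is None or extra is None:
        return "not certified"
    if extra <= 0:
        return f"certified P={level}: nothing appended"
    if level == 1:
        return f"VIOLATION: {extra} bytes appended, P=1 permits no changes"
    return f"REVIEW: {extra} bytes appended, P={level} permits only {LEVELS[level]}"

def sample(level: int, appended: bytes = b"") -> bytes:
    """Constructed, simplified certified revision (not a complete PDF)."""
    head = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /Contents "
    contents = b"<" + b"00" * 16 + b">"  # placeholder, not a real signature
    rest = (b" /Reference [<< /TransformMethod /DocMDP /TransformParams"
            b" << /Type /TransformParams /P %d /V /1.2 >> >>]"
            b" /ByteRange [%010d %010d %010d %010d] >>\nendobj\n%%%%EOF\n")
    start2 = len(head) + len(contents)
    len2 = len(rest % (level, 0, 0, 0, 0))
    return head + contents + rest % (level, 0, len(head), start2, len2) + appended

if __name__ == "__main__":
    for pdf in (sample(2), sample(1, b"1 0 obj\n"), sample(3, b"x" * 10)):
        print(assess(pdf))
```

A REVIEW verdict only establishes that an incremental update exists; deciding whether the appended objects stay within the permitted level requires a full PDF parser and signature validation.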