Digital signatures rose to the forefront of technology in 2020 as the world worked from home. Signing contracts, legal documents and more could no longer be done in person, so we all looked to digital signing.
Much like the Zoom database leak of April 2020, hackers found ways to bypass security and gain access to confidential documents.
Securing the signatures
Digital signature companies such as DocuSign and Adobe Sign are market leaders and use Public Key Infrastructure (PKI). PKI uses a public and private key to ensure that the signature provided is authentic. Much like an in-person signature where you may have to match one on file, digital signature keys require key matches to verify the signature.
There are numerous laws surrounding digital signatures and their legality and have been since 1999. Regulations such as the Electronic Identification and Trust Services (eIDAS) regulation, was recently adopted in the European Union. Compliance is stringent to prevent fraudulent attacks but nevertheless hackers have found ways round.
Methods of hacking
There are three main ways to hack a PDF. Hide, replace and hide and replace. Together they form the shadow attacks group, and researches publicly identified them in July 2020. All three attacks manipulate the PDF between the creator and the signer so both see a document that is correct.
Hide attack
A hide attack involves hiding various malicious content pieces behind another. This could be an image or box. Once the victim has signed the document and sent it back, the attacker can reveal the hidden content and access the information.
Replace attack
By changing or replacing certain minor aspects of a legitimate form, a replace attack can take place. This could be changing fonts to lookalike ones but importing malicious code with that.
“For instance, the (re)definition of fonts does not change the content directly. However, it influences the view of the displayed content and makes number or character swapping possible,” the researchers explained.
Hide and replace attack
This is considered the most powerful one as it enabled hackers to replace the entire content of a PDF. The signee saw a correct document, and signed, but through hiding and replacing certain objects with the same ID as a legitimate one.
This then is sent back to the attacker and they can reveal the true document.
Prepare and prevent
One of the weakest links in cybersecurity is the human. Providing your team with the correct training to spot any potential scams is a simple first step. Under GDPR, all staff of your company must receive some form of cybersecurity training. Having a process to report scams should be in place.
As attacks get more sophisticated, regular and updated training and awareness among staff is key. Alongside, ensuring all computers are up to date, with the correct security patches is imperative. Research from January 2021 shows that 26 of the 28 main PDF viewers is susceptible to some or all commonly known attacks.
