Shadow attacks: this futuristic-sounding term has recently been used to describe a possible attack on the signature verification of PDFs. PDF readers are primarily affected, not the entire process. XiTrust explains what it is actually about, and why MOXIS users have nothing to worry about.
While paper-based documents are naturally easy to manipulate, digital PDF signatures offer far more security: they ensure that digitally signed PDFs cannot be manipulated at a later date – at least not without the PDF software’s signature verification recognising and reporting the changes. In July, a team of researchers from Ruhr University Bochum uncovered three potential methods with which the signature verification of PDF documents can evidently be manipulated or circumvented.
The researchers communicated the vulnerabilities to the manufacturers via the BSI’s CERT organisation as part of a so-called responsible disclosure process. This is a common process in IT security and gives manufacturers time to secure their software with updates before vulnerabilities are published. Almost all manufacturers of PDF readers have already closed these security gaps.
It is therefore imperative that you use the latest version of your PDF viewer. Most providers can handle all of these exploits very well.
MOXIS is not directly affected, as most attacks occur after signing. Moreover, every document in MOXIS can be downloaded retrospectively exactly as it was signed, meaning that any manipulation after the signature process can be proven and documented.