Hello support
in an article I am referring to the results on security problems when using digital signatures within various PDF programs.
https://www.pdf-insecurity.org/signature/signature.html
https://www.pdf-insecurity.org/signature/viewer.html
From my point of view it would be interesting what position the company behind PDF X Change Editor has to the results.
Digital Signature Risks SOLVED
Moderators: TrackerSupp-Daniel, Tracker Support, Paul - Tracker Supp, Vasyl-Tracker Dev Team, Chris - Tracker Supp, Sean - Tracker, Ivan - Tracker Software, Tracker Supp-Stefan
-
daniel_lutz
- User
- Posts: 83
- Joined: Fri Mar 07, 2014 9:46 am
Digital Signature Risks
Best regards
Daniel
PDF XChange pro
Daniel
PDF XChange pro
Re: Digital Signature Risks
Hello, daniel_lutz.
You have written an interesting report. [UPDATE: I may have misunderstood your involvement with the report.]
Can I ask your perspective on what applications 'should' do when they encounter each of the attacks you mentioned? Show all the content but without claiming that it's signed? Show all the content but display a big warning that signature security may be (or is) compromised? Show partial content? Refuse to open/display the file at all?
What is your opinion/impression about how some applications were able to detect some attacks?
Attack Method 1 [Universal Signature Forgery (USF)] appears to me — as a layperson — like it could be defeated, in principle, by robust programming to check all variables for unexpected/invalid values/types, even if a deliberate attack were not anticipated.
Attack Method 2 [Incremental Saving Attack (ISA)] appears to me like the programmers would have to be specifically looking for this; but it may be easy for them to know/predict this type of attack.
Attack Method 3 [Signature Wrapping Attack (SWA)] also appears to me like the programmers would have to be specifically looking for this, and it may be more difficult for them to know/predict this type of attack.
It may be meaningful to provide an overall statistic of the percentage of attacks of each of the three methods were successful. [UPDATE: Like in the associated paper.] A quick look indicates USF attacks were much less successful than ISA or SWA. [And SWA was least well protected against.]
In your results summary tables, it wasn't clear to me what "conditional" means. And Proof-of-Concept (PoC) means you customised each of those attacks?
In your report you hypothesised that, "The analyzed reader are very tolerant about opening, validating and showing malformed PDF files." I can imagine that that might be right, based inter alia on drawing an analogy with the history of past handling of HTML standards. I wonder if the PDF-XChange staff are willing/able to share any data or anecdotes about users submitting 'helpdesk tickets' to request assistance in opening PDF files that turned out to be malformed.
—DIV
You have written an interesting report. [UPDATE: I may have misunderstood your involvement with the report.]
Can I ask your perspective on what applications 'should' do when they encounter each of the attacks you mentioned? Show all the content but without claiming that it's signed? Show all the content but display a big warning that signature security may be (or is) compromised? Show partial content? Refuse to open/display the file at all?
What is your opinion/impression about how some applications were able to detect some attacks?
Attack Method 1 [Universal Signature Forgery (USF)] appears to me — as a layperson — like it could be defeated, in principle, by robust programming to check all variables for unexpected/invalid values/types, even if a deliberate attack were not anticipated.
Attack Method 2 [Incremental Saving Attack (ISA)] appears to me like the programmers would have to be specifically looking for this; but it may be easy for them to know/predict this type of attack.
Attack Method 3 [Signature Wrapping Attack (SWA)] also appears to me like the programmers would have to be specifically looking for this, and it may be more difficult for them to know/predict this type of attack.
It may be meaningful to provide an overall statistic of the percentage of attacks of each of the three methods were successful. [UPDATE: Like in the associated paper.] A quick look indicates USF attacks were much less successful than ISA or SWA. [And SWA was least well protected against.]
In your results summary tables, it wasn't clear to me what "conditional" means. And Proof-of-Concept (PoC) means you customised each of those attacks?
In your report you hypothesised that, "The analyzed reader are very tolerant about opening, validating and showing malformed PDF files." I can imagine that that might be right, based inter alia on drawing an analogy with the history of past handling of HTML standards. I wonder if the PDF-XChange staff are willing/able to share any data or anecdotes about users submitting 'helpdesk tickets' to request assistance in opening PDF files that turned out to be malformed.
—DIV
-
daniel_lutz
- User
- Posts: 83
- Joined: Fri Mar 07, 2014 9:46 am
Re: Digital Signature Risks
Hello DIV,
I have no involvement at all with this article. I stumbled across a German IT-News page and saw that PDF X-Change was at least included in the table. Basically, I am always sceptical about PDF, especially if I don't know its origin or if I only received it from a third party. As far as my understanding goes, there is a proof-of-concept for this gap, the question is whether there is any need for action at all on the part of the manufacturer of the software. Probably the article will be reviewed and evaluated internally because I could imagine that the topic might not have been on the screen yet.
Best regards
Daniel
I have no involvement at all with this article. I stumbled across a German IT-News page and saw that PDF X-Change was at least included in the table. Basically, I am always sceptical about PDF, especially if I don't know its origin or if I only received it from a third party. As far as my understanding goes, there is a proof-of-concept for this gap, the question is whether there is any need for action at all on the part of the manufacturer of the software. Probably the article will be reviewed and evaluated internally because I could imagine that the topic might not have been on the screen yet.
Best regards
Daniel
Best regards
Daniel
PDF XChange pro
Daniel
PDF XChange pro
-
TrackerSupp-Daniel
- Site Admin
- Posts: 8588
- Joined: Wed Jan 03, 2018 6:52 pm
Re: Digital Signature Risks SOLVED
Hello All!
I have good news to share, After speaking with the dev team it seems that this was reported privately to us before that research was made publicly available, and a fix was rolled into both our current products (builds 328.0+) as well as our discontinued viewer which saw a security patch (build 322.10). You will see a "Fixed digital signature validation vulnerability reported by NDS." note in the respective build history pages.
Looking over this list, and including our fix would mean that, assuming no one else on this list managed to fix their issues, our PDF-XChange Editor and Viewer, along with Adobe reader 9 for Linux (oddly enough their windows and mac applications seem vulnerable?), are the only applications available that are completely protected against these situations.
Kind regards,
I have good news to share, After speaking with the dev team it seems that this was reported privately to us before that research was made publicly available, and a fix was rolled into both our current products (builds 328.0+) as well as our discontinued viewer which saw a security patch (build 322.10). You will see a "Fixed digital signature validation vulnerability reported by NDS." note in the respective build history pages.
Looking over this list, and including our fix would mean that, assuming no one else on this list managed to fix their issues, our PDF-XChange Editor and Viewer, along with Adobe reader 9 for Linux (oddly enough their windows and mac applications seem vulnerable?), are the only applications available that are completely protected against these situations.
Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
-
daniel_lutz
- User
- Posts: 83
- Joined: Fri Mar 07, 2014 9:46 am
-
Will - Tracker Supp
- Site Admin
- Posts: 6815
- Joined: Mon Oct 15, 2012 9:21 pm
- Location: London, UK
- Contact:
Re: Digital Signature Risks
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.
Best regards
Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
Thank you.
Best regards
Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
Re: Digital Signature Risks
Well done. Glad to know you're responsive to reported security threats.
—DIV
P.S. Thanks also for clarification of the status of the Viewer. I noticed that it wasn't showing up in any menus, although the official Viewer page can still be found be directly entering the URL (by typing it, using an existing bookmark, or navigating from a search engine). Too bad I didn't know about that free product many years ago.... (Noting that a paid "Pro" option also exists for the Viewer.) It's probably good to keep that page 'live' for existing users and maybe as one extra pathway to attract new users.
—DIV
P.S. Thanks also for clarification of the status of the Viewer. I noticed that it wasn't showing up in any menus, although the official Viewer page can still be found be directly entering the URL (by typing it, using an existing bookmark, or navigating from a search engine). Too bad I didn't know about that free product many years ago.... (Noting that a paid "Pro" option also exists for the Viewer.) It's probably good to keep that page 'live' for existing users and maybe as one extra pathway to attract new users.
-
TrackerSupp-Daniel
- Site Admin
- Posts: 8588
- Joined: Wed Jan 03, 2018 6:52 pm
Re: Digital Signature Risks
Hello DIV, Indeed we do keep up on any potential security threats and try to resolve and patch them as quickly as possible.
Regarding the viewer. While it is discontinued, and thus no longer for sale, it does (evidently) still see the occasional security patch and the latest versions (I believe 322.8 and up) can be covered by any currently valid license which covers use of the Editor. Otherwise it is intended that the product page still be available, as those who hold a license may still wish to install it. You can find it easily from our products page in the "discontinued downloads" section (the third tab): https://www.pdf-xchange.com/produc ... scontinued
Kind regards,
Regarding the viewer. While it is discontinued, and thus no longer for sale, it does (evidently) still see the occasional security patch and the latest versions (I believe 322.8 and up) can be covered by any currently valid license which covers use of the Editor. Otherwise it is intended that the product page still be available, as those who hold a license may still wish to install it. You can find it easily from our products page in the "discontinued downloads" section (the third tab): https://www.pdf-xchange.com/produc ... scontinued
Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Viewer download
Ah. I see I overlooked the "Discontinued Downloads" section.
-
Dimitar - Tracker Supp
- Site Admin
- Posts: 1794
- Joined: Mon Jan 15, 2018 9:01 am
