1 Trillion Dollar Refund: How To Spoof PDF Signatures

  title={1 Trillion Dollar Refund: How To Spoof PDF Signatures},
  author={Vladislav Mladenov and Christian Mainka and Karsten Meyer zu Selhausen and Martin Grothe and J{\"o}rg Schwenk},
  journal={Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security},
The Portable Document Format (PDF) is the de-facto standard for document exchange worldwide. To guarantee the authenticity and integrity of documents, digital signatures are used. Several public and private services ranging from governments, public enterprises, banks, and payment services rely on the security of PDF signatures. In this paper, we present the first comprehensive security evaluation on digital signatures in PDFs. We introduce three novel attack classes which bypass the… 

Breaking the Specification: PDF Certification

This paper presents the first comprehensive security evaluation on certification signatures in PDFs and describes two novel attack classes – Evil Annotation and Sneaky Signature attacks which abuse flaws in the current PDF specification.

Shadow Attacks: Hiding and Replacing Content in Signed PDFs

The tool PDF-Attacker is introduced which can automatically generate shadow attacks and PDF-Detector is implemented to prevent shadow documents from being signed or forensically detect exploits after being applied to signed PDFs.

Practical Decryption exFiltration: Breaking PDF Encryption

This paper analyzes PDF encryption and shows two novel techniques for breaking the confidentiality of encrypted documents, which allow the recovery of the entire plaintext ofencrypted documents by using exfiltration channels which are based on standard compliant PDF properties.

Signatures to Go: A Framework for Qualified PDF Signing on Mobile Devices

This paper develops a user-friendly and privacy-preserving framework for qualified PDF signing on mobile devices and demonstrates the practical applicability of the solution by integrating it into the productive Austrian e-Government system.

Oops. . . Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures

This paper conducts the first comprehensive analysis of OpenDocument signatures and reveals numerous severe threats, including five new attacks and shows that attackers possessing a signed ODF could alter and forge the signature creation time in 16 of 18 applications.

Research Report: Strengthening Weak Links in the PDF Trust Chain

Over the course of the case study, it is found that the full definition of cross-reference data in PDF contains several subtleties that are interpreted differently by natural implementations, but which can nevertheless be formalized using monadic parsers with constructs for explicitly capturing and updating input streams.

Modeling the Dielectric Constant of Silicon-Based Nanocomposites Using Machine Learning

In this work, we solve the problem of predicting the dielectric constant of silicon-based nanocomposites using machine learning methods. Mathematical models and programs have been developed to


  • Security Engineering
  • 2020



On Breaking SAML: Be Whoever You Want to Be

An in-depth analysis of 14 major SAML frameworks is described and it is shown that 11 of them, including Salesforce, Shibboleth, and IBM XS40, have critical XML Signature wrapping (XSW) vulnerabilities.

Hiding Malicious Content in PDF Documents

This paper is a proof-of-concept demonstration for a specific digital signatures vulnerability that shows the ineffectiveness of the WYSIWYS (What You See Is What You Sign) concept. The algorithm is

Digital Document Signing: Vulnerabilities and Solutions

The aim of this paper is to focus on the vulnerabilities of digital signature deriving from the “unobservability” of electronic documents and possible mechanisms to contrast such vulnerabilities are proposed.

Malicious URI resolving in PDF documents

  • V. Hamon
  • Computer Science
    Journal of Computer Virology and Hacking Techniques
  • 2013
It’s shown that the simple use of an HTTP request from a PDF can be a pretty good vector for an attacker and how it can be relatively easy to reuse some vulnerabilities from outside the document.

XML signature element wrapping attacks and countermeasures

The general vulnerability and several related exploits are described and appropriate countermeasures are proposed, and the guidance necessary to prevent these attacks is provided.

Digital signatures and electronic documents: a cautionary tale

The space of such attacks is examined, and how many popular electronic document formats and PKI packages permit them are described, to help understand how to defend against such attacks.

Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies

This paper proposes a framework that automatically evaluates the enforcement of the policies imposed to third-party requests and argues that this proposed framework is a much-needed tool to detect bypasses and evaluate solutions to the exposed leaks.

A structural and content-based approach for a precise and robust detection of malicious PDF files

This paper presents a novel machine learning system for the automatic detection of malicious PDF documents that extracts information from both the structure and the content of the PDF file, and it features an advanced parsing mechanism.

Malicious origami in PDF

The PDF language and its security model is presented, and then the market leader of PDF software, Acrobat Reader is presented: how this format can be used for malicious purposes is shown.

Static detection of malicious JavaScript-bearing PDF documents

This contribution presents a technique for detection of JavaScript-bearing malicious PDF documents based on static analysis of extracted JavaScript code that has proved to be effective against both known and unknown malware and suitable for large-scale batch processing.