Digital Signatures: The hidden vulnerabilities in the new normal

, Security & Data, Digital Signatures: The hidden vulnerabilities in the new normal

Dan May, Commercial Director at ramsac, takes a fresh look at how digital signatures work, their security value and their relationship to encryption, along with best practice advice on how to ensure that they are deployed securely in your company.

When we started working from home in March 2020, businesses had to adapt to the new way of working across the UK, which included signing contracts, business documents, and more.

Much like the Zoom database leak of April 2020, hackers have found ways to bypass security and gain access to confidential documents through a variety of methods in digital signature documents.

How does digital signing work?

Digital signature companies, such as DocuSign and Adobe Sign, use Public Key Infrastructure (PKI). PKI uses a public and private key to ensure that the signature provided is authentic. To verify the authenticity, PKI requires key matches between the signer and the signee.

Numerous laws are surrounding digital signatures and their legality and have been since 1999. Regulations such as the Electronic Identification and Trust Services (eIDAS) regulation, was recently adopted in the European Union. Because of the nature of documents involved in digital signing, many legislation protects who can create digital signature companies and how they must work.

Methods of hacking

There are three main ways to hack a PDF. Hide, replace and hide and replace. Together they form the shadow attacks group, and research publicly identified them in July 2020. All three attacks manipulate the PDF between the creator and the signer, so both see a document that is correct.

Hide attack

A hide attack involves concealing the malicious content behind other non-malicious content. This could be an image or box. Once the victim has signed the document and sent it back to the attacker, the attacker reveals the hidden content and can access the information.

Replace attack

A replacement attack can occur by changing or replacing certain minor aspects of a legitimate form. This could be changing fonts to lookalike ones but importing malicious code.

“For instance, the (re)definition of fonts does not change the content directly. However, it influences the view of the displayed content and makes number or character swapping possible,” the researchers explained.

This can be incredibly deceptive as it will look exactly as it should, and for important forms, can steal essential information such as a mortgage application. 

Hide and replace attack

This is considered the most advanced shadow attack as it enables hackers to replace the entire contents of a PDF. The signee sees a correct document and signs. Still, by hiding malicious content behind legitimate content and replacing elements with less than legitimate code, the hacker has multiple ways to access the document.  

Because of the nature of the hide and replace, they can go undetected by security scanners.

Prevention is better than cure

One of the weakest links in cybersecurity is the human. Providing your team with cybersecurity training to know the signs of a scam or fraud and how to question emails. Under GDPR, all staff, including directors and board members, of your company must receive some form of cybersecurity training.

As attacks get more sophisticated, regular and updated training and awareness among staff is key. Ensuring all computers are up to date, with the correct security patches is imperative. Research from January 2021 shows that 26 of the 28 main PDF viewers are susceptible to some or all commonly known attacks. Therefore, choosing a document signing system that is considered secure is also key.

As well as the human aspect, having secured passwords is key, rather than sharing them on unsecure messaging services. Apps such as Password Boss or LastPass can help to encrypt and store passwords safely but ensure collaborative working through team member sharing. Requiring password changes every six months, or a similar time frame is best practice to ensure no repeated or outdated passwords.  

READ MORE: 

Public Wi-Fi is a huge security risk, and it is recommended not to connect in any circumstance for work, even when using it with extreme caution and a VPN. A classic scam involves hackers sitting in the corner of places like coffee shops broadcasting a “free” wireless access point, pretending to be the coffee shop. They can then drop files onto your computer or make a copy of all the internet activity you do. 

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Author