Researchers break e-signatures in 22 common PDF viewers


f you spend much time using computers as an adult, the chances are that you’ve had to electronically sign a document at some point. Many countries accept electronic signatures as legally binding, including the US, Canada, and the UK, where the Law Commission officially concluded that electronic signatures are valid in August 2018.

In some ways, electronic signatures are arguably better than handwritten ones. As they digitally hash the content of the document, they can prove to future viewers that no one has altered it.

Many software products support electronic signatures, mostly using the Portable Document Format (PDF) introduced by Adobe in 1993. The PDF file specification has supported digital signatures since 1999, and people have been happily signing documents ever since, but researchers at Ruhr-University Bochum in Germany just gave everyone pause.

The researchers published a paper revealing a flaw that PDF document viewers have presumably contained for the last 20 years. They found a way to add new content to documents without breaking the electronic signatures.

Read more…