Shadow Attacks Bypass Digital Signatures in PDF
PDF Shadow attacks are essentially successful clickjacking attacks, where a hacker can hide the harmful content masked behind their bait that is digitally signed. This is the second time that the same researchers at Ruhr-University Bochum found loops to manipulate PDF Signatures. The testing was done on 28 applications running on different operating systems and the results showed that 26 of them are vulnerable to at least one Shadow Attack Variant. The evaluation of the vulnerable applications and operating systems prove that a lot of are at risk, let’s look at how and why this is possible.
Shadow Attacks affect 90% of Online Users
As of 21 Jan 2021, Google controlled 85.86% of the global search engine market share and crosses the 90% mark every now and then. This means that around 85 to 90 percent of users browsing through the internet use Chrome browser. Google Chrome is vulnerable to five of the Shadow attacks out of ten which puts 85 to 90 percent of Chrome users at risk. In other words, a whopping 80 to 90 percent of web browser users are at risk of DoS and Data breaches because of this hack. Moreover, Chrome is just one of the 26 applications that are vulnerable to the Shadow Attack. The complete list of vulnerable applications can be seen in the images below.
