Users who need to securely send an important Word document digitally can protect it with a digital signature. But as researchers from the Network and Data Security department at the Horst Görtz Institute for IT Security and the Cluster of Excellence CASA at the Ruhr University Bochum and the Mainz University of Applied Sciences have discovered, attackers can easily manipulate the document without being detected. Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger and Jörg Schwenk will present their research paper "Every Signature is Broken: On the Insecurity of Microsoft Office's OOXML Signatures" at the renowned IT security conference "Usenix Security Symposium", which takes place from 9 to 11 August in California, USA.
"The goal of a digital signature is to validate the integrity of a document," explains Simon Rohlmann, who has joined the Hochschule Mainz. This involves using public key algorithms to generate a signature using a private key, which can then be verified using a public key. In this way, the person sending the document can protect it against subsequent interference by third parties, while still making it accessible to others. The recipient can also rely on the secure cryptographic process to ensure that the contents of the document are valid. However, the researchers have discovered a vulnerability that makes it easy to manipulate documents in Microsoft's Office Open XML (OOXML): "We found that documents are only partially signed. This could, for example, allow new content to be added or signed content to be hidden without anyone noticing," explains Simon Rohlmann.
Digital Signature for These Documents Practically Worthless
The researchers identified a total of five attack vectors that are possible due to structural inconsistencies in the Office system: The developers of the OOXML standard seem to have decided to sign only parts of the document package, according to the researcher. "This makes the digital signature for these documents practically worthless. An attacker could, for example, use signed documents to make social engineering attacks appear particularly trustworthy because the document contains a valid signature of a superior," summarises Simon Rohlmann.
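The partial signing described above can be checked from the defender's side by comparing the parts a signature lists with the parts actually present in the package. The following Python sketch is an added example, not code from the paper or from Microsoft. It assumes that signature parts live under `_xmlsignatures/` and list the covered parts as XML-DSig `Reference` elements with URIs of the form `/part?ContentType=...`; the sample package is constructed and says nothing about which parts Office itself signs.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace

def signature_coverage(package_bytes):
    """Return (signed, unsigned) sets of part names for an OOXML package."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        parts = {n for n in pkg.namelist() if not n.endswith("/")}
        signed = set()
        for name in parts:
            if not (name.startswith("_xmlsignatures/") and name.endswith(".xml")):
                continue
            # For untrusted files, parse with a hardened XML parser instead.
            root = ET.fromstring(pkg.read(name))
            for ref in root.iter(DSIG + "Reference"):
                uri = ref.get("URI", "")
                if uri.startswith("/"):  # package part; "#id" refs are internal
                    signed.add(unquote(uri.split("?", 1)[0]).lstrip("/"))
    # The signature parts themselves are not document content.
    infra = {n for n in parts if n.startswith("_xmlsignatures/")}
    return signed & parts, parts - signed - infra

def build_sample():
    """Constructed sample: a signature whose manifest lists one part only."""
    sig = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
           '<Object Id="idPackageObject"><Manifest>'
           '<Reference URI="/word/document.xml?ContentType=application/xml"/>'
           '</Manifest></Object></Signature>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/extra.xml", "<extra/>")  # hypothetical part name
        z.writestr("docProps/core.xml", "<coreProperties/>")
        z.writestr("_xmlsignatures/origin.sigs", "")
        z.writestr("_xmlsignatures/sig1.xml", sig)
    return buf.getvalue()

if __name__ == "__main__":
    signed, unsigned = signature_coverage(build_sample())
    print("signed:  ", sorted(signed))
    print("unsigned:", sorted(unsigned))
```

The check reports coverage only; it does not verify the signature value or the digests of the listed parts.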
The XML-based file formats affected have been used by Microsoft since 2007. Users can usually recognise them by the suffix -X in the file name, for example file.docx or file.xlsx. The main advantage of these files is that they use a compression technique to take up less space and are supposed to be more secure than their predecessors. When the researchers first discovered the vulnerabilities in 2022, they immediately informed Microsoft and the relevant standards body. However, the company did not immediately fix the problem, even though the researchers contacted them several times. As of last month, only one of the five attack vectors, the Universal Signature Forgery (USF) attack, is still possible in the retail version of Microsoft Office 2021 (version 2305 (build 16501.20210)). "In the latest LTSC version of Microsoft Office 2021 (version 2108 (build 14332.20517)), the attacks are not yet fixed," said Rohlmann (as of Friday, 16 June 2023).
The idea to research such vulnerabilities is based on the success of another scientific paper published in 2019 by the team of the Chair for Network and Data Security: Here, the Bochum scientists were able to prove for the first time that the bypassing of digital signatures in PDF documents is not noticed by many applications. Since then, the researchers have regularly devoted themselves to the study of signatures, which are becoming more and more widespread, especially in professional life or in the context of public authorities. However, Simon Rohlmann says he is not in a position to assess exactly how much use is made of Microsoft Office signatures in this area.