Has a digitally signed file ever been cracked

Discussion in 'other security issues & news' started by victor43, Dec 21, 2011.

Thread Status:
Not open for further replies.
  1. victor43

    victor43 Registered Member

    Joined:
    Nov 4, 2009
    Posts:
    32
    Does anyone know if the algorithm used for creating a digitally signed file has been circumvented (broken/cracked) ? I'm asking only to find out just how how secure is this algorithm. Can someone rely on this digital signature check to ensure the file has not been tampered with ?

    All replies welcome

    Victor
     
    Last edited: Dec 21, 2011
  2. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    I am sure there are folks more knowledgeable than myself on the subject but from what I have seen a cracked file can appear to have a digital signature but always click on the details button to see if it is valid. If it is not you know you have a potential problem. If it is good I have yet personally to experience a problem. When in doubt see if you can find checksums for the original file.
     
    Last edited: Dec 21, 2011
  3. victor43

    victor43 Registered Member

    Joined:
    Nov 4, 2009
    Posts:
    32
    Thank you for your reply. I understand the part of checking to see if the file is authentic by Right Click File -> Select Properties->Choose Digital Signatures -> Then choose Details. I was hoping to learn whether its possible for someone to modify a file by say embedding a trojan or some other kind of malware inside the file but the file still passes the digital signature check ? I don't believe this possible but that is only my opinion.

    Thanks again for the reply.

    Victor
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    I don't believe it is possible either, but I have been shown other things I did not think possible. If the file is tampered with I would believe with 99% certainty that is would make the signature fail to validate. If you get a matching checksum as well as a valid signature I would trust the file as genuine.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    I don't know, I guess it would be easier for people with malicious intent to sign the modified file themselves with a stolen digital signature than to crack the existing one.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    You can't embed a file into a signed file and have it still work by definition.

    But if you were able to crack the encryption behind the signature you could. That has not happened to my knowledge and it is not very likely - though maybe one day.
     
  7. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    Apparently it's possible to embed data inside a digitally signed file without invalidating its certificate, but that data can't execute.

    -http://reboot.pro/15889/
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  9. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    what about stuxnet rootkit? it was signed with a realtek certificate, right? i don`t think the cretor/s of stuxnet sent the rootkit to the signer and then just use it...
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    You can hack a company's servers and take their cert or you can hack the encryption. Injecting code and getting it to execute from a signed file should not be possible - maybe with another separate file as well.
     
  11. victor43

    victor43 Registered Member

    Joined:
    Nov 4, 2009
    Posts:
    32
    Thank you for the reply. That is what I believe and AFAIK I don't believe the SHA-1 algorithm has been cracked even though there is plans for a SHA-3 algorithm. See here http://en.wikipedia.org/wiki/SHA-1
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    This would be the more easy way to do it. I'd be much more worried about encountering a file signed with a stolen certificate than a cracked already signed file.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Or, you could make a legitimate and digitally signed application launch the malware. Just like the recent event with Adobe Flash Player reported by McAfee.

    https://www.wilderssecurity.com/showthread.php?&t=313426

    Considering that so many people download from unofficial sources, how difficult would it be? :ouch:
     
  14. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
Loading...
Thread Status:
Not open for further replies.