37 million digitally signed documents had to be reverified

In November 2014, SEARCH-LAB Ltd. discovered a security vulnerability in multiple computer applications that are used to generate and validate digital signatures, which are applied within the official Hungarian government processes. The vulnerability affected the “e-akta” signed document file format, where a file with a valid digital signature could be manipulated in a way that the verification software indicated a valid signature while it displayed a different document than the original.

Since 2001, as per the Hungarian Act on Electronic Signatures, public documents, private documents with full probative force and also probative documents appropriate for the requirement of a written reservation can be generated in a digital form. In the Hungarian public administration, the most popular set of file formats for managing files with digital signatures is the so-called e-akta (.es3, .et3): it is extensively used by the Company Registration Authority, by the official attorneys and liquidators, by the Land Registry and also accepted by banks. In addition, the same file format is used in e-commerce to validate digital invoices. Since July 1, 2008 – following EU standards – the process of company registration in Hungary has been fully digitalized: all company registration and change requests must be electronically administered, and the corresponding records, registry applications, change requests and injunction files (e.g. certificate of incorporation) can be considered certified public documents only in digital format.

The exploitation of the vulnerability found by the experts of SEARCH-LAB Ltd means that one could perform “classic” public document forgery in the digital world. An illustrative example: a malicious attacker could increase the amount of share capital in their digitally signed certificate of incorporation file in such a way that when they opened a bank account for the company and the file was verified by employees of the bank, the certificate would still be considered valid.

According to Imre Rad, the IT security researcher who discovered the vulnerability, it is important to mention that the problem is not with the system of digital signatures (the technology and cryptography background has not been compromised), nor the e-akta file format itself – rather, it is a bug in the implementation of several verification software applications. Thus, this security vulnerability does not affect the digital signature of the documents, nor the validity of these e-akta files, only the incorrect display or processing of their contents by old versions of these applications. It is also important to note that attempts to exploit this issue can be detected post factum in all cases: validity of signatures, authenticity of the signer party, integrity of the encapsulated documents as well as the fact of manipulation itself can now be clearly ascertained by a human professional.

In IT security terminology the discovered issue can be classified as an XML Signature Wrapping vulnerability, which means that the verification software uses different data when it performs the signature verification and when it displays the contents to the user. SEARCH-LAB Ltd analysed the software products of the two leading vendors: e-Szignó by Microsec and MOKKA by NetLock. The vulnerability was present in both applications until the bug-fix releases were published in December 2014. Furthermore, considering that these applications must go through a certification process, this attack has avoided the notice of at least 4 independent parties (including two auditors).
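
The verify-one-thing, display-another flaw described above, next to the check that closes it, as an added example (not code from SEARCH-LAB or the affected vendors). It uses a constructed toy container rather than the real e-akta format, and an HMAC with a demo key in place of a real signature; all element and function names are assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"demo-key"  # assumption: an HMAC stands in for the signer's real signature

def sign(text):
    return hmac.new(KEY, text.encode(), hashlib.sha256).hexdigest()

def signed_element(root):
    """Return the single element the signature reference covers, or None."""
    sig = root.find("Signature")
    if sig is None:
        return None
    matches = [e for e in root.iter() if e.get("Id") == sig.get("ref")]
    if len(matches) != 1:  # missing or ambiguous reference
        return None
    ok = hmac.compare_digest(sign(matches[0].text or ""), sig.get("value", ""))
    return matches[0] if ok else None

def display_flawed(root):
    """Verifies one element, then locates the content to show independently."""
    if signed_element(root) is None:
        return None
    doc = root.find("Document")  # first <Document>, not the verified one
    return doc.text if doc is not None else None

def display_hardened(root):
    """Shows only the verified element, and only at its expected position."""
    elem = signed_element(root)
    docs = root.findall(".//Document")
    if elem is None or docs != [elem] or elem not in list(root):
        return None
    return elem.text

def is_suspect(xml_text):
    """Detection: signature is valid but the flawed viewer shows other data."""
    root = ET.fromstring(xml_text)
    elem = signed_element(root)
    return elem is not None and display_flawed(root) != elem.text

# Constructed samples in a toy container (not the e-akta format).
SIG = sign("share capital: 3000000")
GENUINE = ('<Dossier><Document Id="d1">share capital: 3000000</Document>'
           f'<Signature ref="d1" value="{SIG}"/></Dossier>')
WRAPPED = ('<Dossier><Document Id="x">share capital: 9000000</Document>'
           '<Extra><Document Id="d1">share capital: 3000000</Document></Extra>'
           f'<Signature ref="d1" value="{SIG}"/></Dossier>')
```

On the constructed WRAPPED sample the signature still verifies, the flawed viewer shows the unsigned value, the hardened viewer refuses to display anything, and `is_suspect` flags the file.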

Fixing the bug and updating the applications to their new versions was achieved through exemplary cooperation within the profession, with the active involvement of the Magyar Elektronikus Aláírás Szövetség (Hungarian Digital Signature Alliance) as well as GovCERT Hungary. SEARCH-LAB Ltd worked together with the affected vendors in the fixing process, and also assisted with the validation of the new software versions.

The authenticity of the more than 37 million e-akta files stored in several archives was re-verified retroactively by Microsec and NetLock. No traces of abuse were found; thus we can be confident that all previously-verified e-akta files are indeed valid, and they would also be found valid by the recent, bug-fixed versions of the applications.

While authorities responsible for certifying software products or devices creating and verifying digital signatures informed all potentially affected clients among their customer base, GovCERT Hungary emphasized the importance of urgently upgrading to the fixed versions within the government sector, which covers most of the organizations using e-akta files. To help other organizations – including companies receiving e-akta based invoices – that may have doubts about the authenticity of their locally stored and handled digitally signed documents, SEARCH-LAB Ltd has developed a special tool for detecting e-akta files that have been maliciously modified. This tool can be downloaded from https://www.search-lab.hu/eakta, where additional technical details are also available.