conference logo

Playlist "May Contain Hackers 2022"

Screaming into the void: All e-signatures in the world are broken!

Kirils Solovjovs

E-signatures in your country are insecure.
They have been hacked 10 years ago.
Everyone knew that but no one wanted to talk about it since there is no easy fix.

We decided to create a PoC and poke the government with it.

This is a story on what happened.

⭐ PoCs included ⭐

Electronically signed documents were a great relief to organizing our daily life during the pandemic. They have actually been helping us for many years (depending on the country).

It's been known for some time that **dynamic content + e-signatures = trouble**, but we were surprised that no one has really done anything about it.
In 2021 we got tired of explaining the vulnerability each partner that sends in a vulnerable asice for signing, so we created multiple practical PoC that allow you to modify content of e-signed documents post-signing.

Some of these PoC work against many countries. And there is PoC for every single country.

- What is the actual impact?
- Why is no-one fixing this?
- Can we even fix it?
- What are we gonna do about it then?