Reading Time : 3 minutes
Code signing is a crucial mechanism to establish authenticity and trust, ensuring that software is not compromised during distribution. However, improper code signing practices can introduce significant risks. In this blog, we explore the importance of code signing and delve into the potential consequences of a compromised code signing process.
The Devastating Impact of a Code Signing Failure
Below are a few notable attacks that occurred as a result of code signing compromise or failure:
In June 2017, the global shipping conglomerate A.P. Moller-Maersk fell victim to the NotPetya malware attack.
attack originated from a small Ukrainian software company that had fallen victim to state-sponsored hackers.
vulnerabilities in the company’s security infrastructure, the hackers gained access to the code signing keys,
them to inject malware into a legitimate software update. This malicious update was subsequently distributed to
customers, including A.P. Moller-Maersk, resulting in widespread infection and significant disruptions.
ShadowPad Supply Chain Attack
In 2017, a sophisticated supply chain attack targeted the software update mechanism of the popular Ukrainian
software, MeDoc. The attackers compromised the code signing process, allowing them to distribute a backdoored
update to MeDoc users. This malicious update ultimately led to the spread of the ShadowPad malware, compromising
numerous organizations worldwide.
ASUS Live Update Hack
In 2019, hackers infiltrated ASUS’s web update server and injected malware into legitimate ASUS driver updates.
compromised code signing keys allowed the malicious updates to appear authentic, resulting in over one million
ASUS computers. This attack highlighted the vulnerability of software supply chains and the importance of robust
In 2017, the popular system optimization tool CCleaner was compromised when hackers injected malware into one of
official software updates. The attackers signed the malicious update with a valid code signing certificate,
users into believing it was a legitimate update. The incident affected millions of users and underscored the
significance of code signing integrity.
These attacks serve as a stark reminder of the critical role code signing plays in ensuring the trustworthiness and authenticity of the software.
Assessing Software Trust and Vetting Processes
In light of such incidents, it is crucial to question the level of trust we place in the software we install and utilize. Businesses rely on numerous external software packages to support their daily operations. However, the lack of stringent vetting processes for these software packages can introduce significant risks. To enhance software security, consider the following measures:
Vetting and Whitelisting
Implement a robust process to vet and approve software before allowing users to install it. Consider establishing
whitelist of trusted software and restrict installations to only those approved applications.
Internal Software Production
Recognize the importance of securing your company’s software. Treat your private code signing keys as the keys to
business’s kingdom. Implement strict access controls, encryption, and monitoring mechanisms to safeguard these
theft or misuse. Consider using Hardware Security Modules (HSMs)
to store and protect your code signing keys, as
provide high security and tamper resistance.
Supply Chain Integrity
Ensure that the software you receive from external sources undergoes thorough security checks. Implement
verify the integrity and authenticity of software updates before installation.
Understanding the Code Signing Problem
The efficacy of code signing in protecting software supply chains has been proven over the past three decades. However, certain challenges hinder its effectiveness. Organizations often struggle to effectively manage private code signing keys, leading to vulnerabilities and potential compromises. Let’s explore some common issues:
Lack of Centralized Key Management
Many global organizations have geographically dispersed teams of software developers. These teams require access
private code signing keys to sign their software. However, when keys are stored on developers’ laptops, build
or web update servers, they become susceptible to theft or misuse.
Failure to Recognize Key Importance
Private code signing keys should be treated as the master keys to your business. Unfortunately, organizations
overlook their criticality and fail to implement adequate security measures to protect them.
Insufficient Security Practices
Inadequate security practices, such as weak password management, lack of encryption, and inadequate access
further contribute to code signing vulnerabilities.
Best Practices for Robust Code Signing
To enhance the security and integrity of your software infrastructure, it is imperative to implement best practices for code signing. Consider the following recommendations:
Implement Hardware Security Modules (HSMs)
HSMs provide a dedicated and secure environment for key storage and cryptographic operations. By leveraging HSMs,
organizations can protect their private keys from physical and logical attacks, ensuring the integrity of the
Regularly Rotate Keys
Periodically rotate code signing keys to mitigate the impact of potential key compromises. By regularly updating
organizations minimize the risk of unauthorized access and maintain the trustworthiness of their signed software.
Employ Code Signing Policies and Procedures
Develop comprehensive code-signing
policies and procedures that define roles, responsibilities, and workflows for the
code-signing process. Ensure employees receive proper training and adhere to these policies to maintain a secure
Continuous Monitoring and Auditing
Implement a robust monitoring and auditing mechanism to detect and investigate any suspicious activities related
signing. Regularly review logs and perform audits to identify potential security gaps and take corrective actions
Scan for viruses
While code signing provides authentication, it does not guarantee the security of the code itself. Therefore,
thorough virus and malware scans on the code before publication and signing with digital certificates is highly
recommended. Performing these scans enhances the overall quality of the code and helps identify and mitigate
Want to know how we can assist you?
Encryption Consulting’s CodeSign Secure provides organizations with a comprehensive code-signing solution tailored to their unique requirements. By utilizing this solution, organizations can establish a strong code-signing policy that effectively mitigates security risks and ensures the authenticity of their software. Our product streamlines the code-signing process and offers a range of features designed to enhance security.
One key feature of CodeSign Secure is secure key management. It enables organizations to securely store their private keys of the code-signing certificate by integrating with industry-leading Hardware Security Modules (HSMs) that are FIPS certified. This integration eliminates the potential risks associated with stolen, corrupted, or misused keys, as the private keys never leave the HSM during the code signing operation.
Code signing is a critical component of ensuring software authenticity and trust. However, the potential consequences of a compromised code signing process are severe, as demonstrated by notable attacks like the NotPetya malware attack on A.P. Moller-Maersk and other incidents. To protect your software infrastructure, it is essential to implement robust code-signing practices and prioritize the security of private code-signing keys. Organizations can mitigate the risks associated with code signing failures by adhering to best practices such as HSM usage, regular key rotation, stringent code signing policies, continuous monitoring, and virus scanning.